From e7014ad6f08725db933095d075107bbea6e8f0c6 Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 13:21:38 -0700 Subject: [PATCH 1/6] Add X509 authentication tests. JAVA-5866 --- .evergreen/.evg.yml | 29 +++ .evergreen/run-x509-auth-tests.sh | 56 ++++++ .../client/X509AuthenticationTest.java | 28 +++ .../auth/AbstractX509AuthenticationTest.java | 167 ++++++++++++++++++ .../client/auth/X509AuthenticationTest.java | 28 +++ 5 files changed, 308 insertions(+) create mode 100755 .evergreen/run-x509-auth-tests.sh create mode 100644 driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/X509AuthenticationTest.java create mode 100644 driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java create mode 100644 driver-sync/src/test/functional/com/mongodb/client/auth/X509AuthenticationTest.java diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index 2dd37c1cd7..b7d8801e96 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -232,6 +232,17 @@ functions: cd $DRIVERS_TOOLS/.evergreen/auth_aws ./setup_secrets.sh drivers/aws_auth + "add-atlas-connect-variables-to-file": + - command: shell.exec + type: "test" + params: + include_expansions_in_env: [ "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN" ] + shell: "bash" + working_dir: "src" + script: | + ${PREPARE_SHELL} + ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect + "start-csfle-servers": - command: ec2.assume_role params: @@ -512,6 +523,16 @@ functions: # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does) JAVA_VERSION="8" MONGODB_URI="${plain_auth_mongodb_uri}" .evergreen/run-plain-auth-test.sh + "run-x509-auth-test": + - command: shell.exec + type: "test" + params: + silent: true + working_dir: "src" + script: | + # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does) + JAVA_VERSION="8" .evergreen/run-x509-auth-tests.sh + "run-aws-auth-test-with-regular-aws-credentials": - command: shell.exec type: "test" @@ -978,6 +999,13 @@ tasks: commands: - func: "run-plain-auth-test" + # Test that x509 auth using server with OpenSSL 3 succeeds. + - name: "atlas-x509-auth-test-task" + commands: + - func: "assume-aws-test-secrets-role" + - func: "add-atlas-connect-variables-to-file" + - func: "run-x509-auth-test" + - name: "aws-auth-test-with-regular-aws-credentials-task" commands: - func: "start-mongo-orchestration" @@ -2254,6 +2282,7 @@ buildvariants: - name: "atlas-deployed-task-group" - name: "atlas-search-task" - name: "atlas-connectivity-task" + - name: "atlas-x509-auth-test-task" - name: "atlas-data-lake-test" display_name: "Atlas Data Lake test" diff --git a/.evergreen/run-x509-auth-tests.sh b/.evergreen/run-x509-auth-tests.sh new file mode 100755 index 0000000000..67a41c4b49 --- /dev/null +++ b/.evergreen/run-x509-auth-tests.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +# Exit the script with error if any of the commands fail +set -o errexit + +# Supported/used environment variables: +# JDK Set the version of java to be used. Java versions can be set from the java toolchain /opt/java +# ATLAS_X509_DEV Set the connection string for the Atlas X509 development cluster. +# ATLAS_X509_DEV_CERT_BASE64 Set the base64 encoded contents of a PEM file containing the client certificate (signed by the mongodb dev CA) and client private key for the X509 authentication on development cluster. +# ATLAS_X509_DEV_CERT_NOUSER_BASE64 Set the base64 encoded contents of a PEM file containing the client certificate (signed by the mongodb dev CA) and client private key for the X509 authentication on development cluster with the subject name that does not exist on the server/cluster. + +RELATIVE_DIR_PATH="$(dirname "${BASH_SOURCE:-$0}")" +. "${RELATIVE_DIR_PATH}/setup-env.bash" + +MONGODB_URI=${ATLAS_X509_DEV:-} +echo "$MONGODB_URI" +ATLAS_X509_DEV_CERT_BASE64=${ATLAS_X509_DEV_CERT_BASE64:-} +ATLAS_X509_DEV_CERT_NOUSER_BASE64=${ATLAS_X509_DEV_CERT_NOUSER_BASE64:-} + +############################################ +# Functions # +############################################ + +provision_keystores () { + # Base64 decode contents of a PEM holder for client certificate (signed by the mongodb dev CA) and private key + echo "${ATLAS_X509_DEV_CERT_BASE64}" | base64 --decode > ca_and_pk.pem + echo "${ATLAS_X509_DEV_CERT_NOUSER_BASE64}" | base64 --decode > ca_and_pk_no_user.pem + + # Build the pkcs12 (keystore). We include the leaf-only certificate (with public key) and private key in the keystore, + # assuming the signed certificate is already trusted by the Atlas as issuer is MongoDB dev CA. + echo "Creating PKCS12 keystore from ca_and_pk.pem" + openssl pkcs12 -export \ + -in ca_and_pk.pem \ + -out existing_user.p12 \ + -password pass:test + + echo "Creating PKCS12 keystore from ca_and_pk_no_user.pem" + openssl pkcs12 -export \ + -in ca_and_pk_no_user.pem \ + -out non_existing_user.p12 \ + -password pass:test +} + +############################################ +# Main Program # +############################################ +echo "Running X509 Authentication tests with Java ${JAVA_VERSION}" + +# Set up keystores for x509 authentication. +provision_keystores + +./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} --info --continue \ + -Dorg.mongodb.test.x509.auth=true \ + -Dorg.mongodb.test.x509.auth.keystore.location="$(pwd)" \ + driver-sync:test --tests X509AuthenticationTest \ + driver-reactive-streams:test --tests X509AuthenticationTest \ No newline at end of file diff --git a/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/X509AuthenticationTest.java b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/X509AuthenticationTest.java new file mode 100644 index 0000000000..68989649a7 --- /dev/null +++ b/driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/X509AuthenticationTest.java @@ -0,0 +1,28 @@ +/* + * Copyright 2008-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.mongodb.reactivestreams.client; + +import com.mongodb.MongoClientSettings; +import com.mongodb.client.auth.AbstractX509AuthenticationTest; +import com.mongodb.reactivestreams.client.syncadapter.SyncMongoClient; + +public class X509AuthenticationTest extends AbstractX509AuthenticationTest { + @Override + protected com.mongodb.client.MongoClient createMongoClient(final MongoClientSettings mongoClientSettings) { + return new SyncMongoClient(MongoClients.create(mongoClientSettings)); + } +} diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java new file mode 100644 index 0000000000..44b3509218 --- /dev/null +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -0,0 +1,167 @@ +/* + * Copyright 2008-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.mongodb.client.auth; + +import com.mongodb.MongoClientSettings; +import com.mongodb.MongoCommandException; +import com.mongodb.MongoSecurityException; +import com.mongodb.client.Fixture; +import com.mongodb.client.MongoClient; +import com.mongodb.connection.NettyTransportSettings; +import io.netty.handler.ssl.SslContextBuilder; +import io.netty.handler.ssl.SslProvider; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.stream.Stream; + +import static com.mongodb.AuthenticationMechanism.MONGODB_X509; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; + +public abstract class AbstractX509AuthenticationTest { + + private static final String KEYSTORE_PASSWORD = "test"; + + protected abstract MongoClient createMongoClient(MongoClientSettings mongoClientSettings); + + protected AbstractX509AuthenticationTest() { + assumeTrue(isX509TestsEnabled(), "X509 authentication tests are disabled"); + } + + private static Stream shouldAuthenticateWithClientCertificate() throws Exception { + String keystoreFileName = "existing_user.p12"; + return getArgumentForKeystore(keystoreFileName); + } + + @ParameterizedTest(name = "should authenticate with client certificate. MongoClientSettings: {0}") + @MethodSource + public void shouldAuthenticateWithClientCertificate(final MongoClientSettings mongoClientSettings) { + //given + try (MongoClient client = createMongoClient(mongoClientSettings)) { + + //when & then command completes successfully with x509 authentication + client.getDatabase("test").getCollection("test").estimatedDocumentCount(); + } + } + + private static Stream shouldPassMutualTLSWithClientCertificateAndFailAuthenticateWithAbsentUser() throws Exception { + String keystoreFileName = "non_existing_user.p12"; + return getArgumentForKeystore(keystoreFileName); + } + + @ParameterizedTest(name = "should pass mutual TLS with client certificate and fail authenticate with absent user. " + + "MongoClientSettings: {0}") + @MethodSource + public void shouldPassMutualTLSWithClientCertificateAndFailAuthenticateWithAbsentUser(final MongoClientSettings mongoClientSettings) { + // given + try (MongoClient client = createMongoClient(mongoClientSettings)) { + + // when & then + MongoSecurityException mongoSecurityException = assertThrows(MongoSecurityException.class, + () -> client.getDatabase("test").getCollection("test").estimatedDocumentCount()); + + assertTrue(mongoSecurityException.getMessage().contains("Exception authenticating")); + MongoCommandException mongoCommandException = (MongoCommandException) mongoSecurityException.getCause(); + + assertTrue(mongoCommandException.getMessage().contains("Could not find user")); + assertEquals(11, mongoCommandException.getCode()); + } + } + + private static Stream getArgumentForKeystore(final String keystoreFileName) throws Exception { + SSLContext context = buildSslContextFromKeyStore(keystoreFileName); + MongoClientSettings.Builder mongoClientSettingsBuilder = Fixture.getMongoClientSettingsBuilder(); + verifyX509AuthenticationIsRequired(mongoClientSettingsBuilder); + + return Stream.of( + Arguments.of(mongoClientSettingsBuilder + .applyToSslSettings(builder -> builder.context(context)) + .build()), + + Arguments.of(mongoClientSettingsBuilder + .applyToSslSettings(builder -> builder.context(context)) + .transportSettings(NettyTransportSettings.nettyBuilder() + .sslContext(SslContextBuilder.forClient() + .sslProvider(SslProvider.valueOf("JDK")) + .keyManager(getKeyManagerFactory(keystoreFileName)) + .build()) + .build()) + .build()), + + Arguments.of(mongoClientSettingsBuilder + .applyToSslSettings(builder -> builder.context(context)) + .transportSettings(NettyTransportSettings.nettyBuilder() + .sslContext(SslContextBuilder.forClient() + .sslProvider(SslProvider.valueOf("OPENSSL")) + .keyManager(getKeyManagerFactory(keystoreFileName)) + .build()) + .build()) + .build()) + ); + } + + private static SSLContext buildSslContextFromKeyStore(final String keystoreFileName) throws Exception { + KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keystoreFileName); + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(keyManagerFactory.getKeyManagers(), null, null); + return sslContext; + } + + private static KeyManagerFactory getKeyManagerFactory(final String keystoreFileName) + throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { + KeyStore ks = KeyStore.getInstance("PKCS12"); + try (FileInputStream fis = new FileInputStream(getKeystoreLocation() + File.separator + keystoreFileName)) { + ks.load(fis, KEYSTORE_PASSWORD.toCharArray()); + } + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(ks, KEYSTORE_PASSWORD.toCharArray()); + return keyManagerFactory; + } + + private static boolean isX509TestsEnabled() { + return Boolean.parseBoolean(System.getProperty("org.mongodb.test.x509.auth")); + } + + private static String getKeystoreLocation() { + return System.getProperty("org.mongodb.test.x509.auth.keystore.location"); + } + + /** + * The connection string is sourced from an environment variable (Secret Storage). + * We verify it still requires X.509 authentication before running these tests to ensure correctness. + */ + private static void verifyX509AuthenticationIsRequired(final MongoClientSettings.Builder mongoClientSettingsBuilder) { + com.mongodb.assertions.Assertions.assertTrue( + com.mongodb.assertions.Assertions.assertNotNull(mongoClientSettingsBuilder.build().getCredential()) + .getAuthenticationMechanism() == MONGODB_X509); + } +} diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/X509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/X509AuthenticationTest.java new file mode 100644 index 0000000000..9605c02714 --- /dev/null +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/X509AuthenticationTest.java @@ -0,0 +1,28 @@ +/* + * Copyright 2008-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.mongodb.client.auth; + +import com.mongodb.MongoClientSettings; +import com.mongodb.client.MongoClient; +import com.mongodb.client.MongoClients; + +public class X509AuthenticationTest extends AbstractX509AuthenticationTest { + @Override + protected MongoClient createMongoClient(final MongoClientSettings mongoClientSettings) { + return MongoClients.create(mongoClientSettings); + } +} From cc3e7594d9603ce6cdd0fa71c31afa0a9b0bd89b Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 13:26:34 -0700 Subject: [PATCH 2/6] Remove valueOf. JAVA-5866 --- .evergreen/run-x509-auth-tests.sh | 22 +++++++++---------- .../auth/AbstractX509AuthenticationTest.java | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.evergreen/run-x509-auth-tests.sh b/.evergreen/run-x509-auth-tests.sh index 67a41c4b49..393c2f6e06 100755 --- a/.evergreen/run-x509-auth-tests.sh +++ b/.evergreen/run-x509-auth-tests.sh @@ -28,17 +28,17 @@ provision_keystores () { # Build the pkcs12 (keystore). We include the leaf-only certificate (with public key) and private key in the keystore, # assuming the signed certificate is already trusted by the Atlas as issuer is MongoDB dev CA. - echo "Creating PKCS12 keystore from ca_and_pk.pem" - openssl pkcs12 -export \ - -in ca_and_pk.pem \ - -out existing_user.p12 \ - -password pass:test - - echo "Creating PKCS12 keystore from ca_and_pk_no_user.pem" - openssl pkcs12 -export \ - -in ca_and_pk_no_user.pem \ - -out non_existing_user.p12 \ - -password pass:test + echo "Creating PKCS12 keystore from ca_and_pk.pem" + openssl pkcs12 -export \ + -in ca_and_pk.pem \ + -out existing_user.p12 \ + -password pass:test + + echo "Creating PKCS12 keystore from ca_and_pk_no_user.pem" + openssl pkcs12 -export \ + -in ca_and_pk_no_user.pem \ + -out non_existing_user.p12 \ + -password pass:test } ############################################ diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java index 44b3509218..016bd1f3a4 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -110,7 +110,7 @@ private static Stream getArgumentForKeystore(final String keystoreFil .applyToSslSettings(builder -> builder.context(context)) .transportSettings(NettyTransportSettings.nettyBuilder() .sslContext(SslContextBuilder.forClient() - .sslProvider(SslProvider.valueOf("JDK")) + .sslProvider(SslProvider.JDK) .keyManager(getKeyManagerFactory(keystoreFileName)) .build()) .build()) @@ -120,7 +120,7 @@ private static Stream getArgumentForKeystore(final String keystoreFil .applyToSslSettings(builder -> builder.context(context)) .transportSettings(NettyTransportSettings.nettyBuilder() .sslContext(SslContextBuilder.forClient() - .sslProvider(SslProvider.valueOf("OPENSSL")) + .sslProvider(SslProvider.OPENSSL) .keyManager(getKeyManagerFactory(keystoreFileName)) .build()) .build()) From f876032c579470622e856ae7eb4b91035d599cb2 Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 19:56:19 -0700 Subject: [PATCH 3/6] Add execution condition. --- .evergreen/run-x509-auth-tests.sh | 2 +- .../auth/AbstractX509AuthenticationTest.java | 31 ++++++++++++++----- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/.evergreen/run-x509-auth-tests.sh b/.evergreen/run-x509-auth-tests.sh index 393c2f6e06..93b23fca1c 100755 --- a/.evergreen/run-x509-auth-tests.sh +++ b/.evergreen/run-x509-auth-tests.sh @@ -50,7 +50,7 @@ echo "Running X509 Authentication tests with Java ${JAVA_VERSION}" provision_keystores ./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} --info --continue \ - -Dorg.mongodb.test.x509.auth=true \ + -Dorg.mongodb.test.x509.auth.enabled=true \ -Dorg.mongodb.test.x509.auth.keystore.location="$(pwd)" \ driver-sync:test --tests X509AuthenticationTest \ driver-reactive-streams:test --tests X509AuthenticationTest \ No newline at end of file diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java index 016bd1f3a4..dcc80a3c6f 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -24,6 +24,10 @@ import com.mongodb.connection.NettyTransportSettings; import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslProvider; +import org.junit.jupiter.api.extension.ConditionEvaluationResult; +import org.junit.jupiter.api.extension.ExecutionCondition; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.api.extension.ExtensionContext; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; @@ -44,18 +48,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assumptions.assumeTrue; +@ExtendWith(AbstractX509AuthenticationTest.X509AuthenticationPropertyCondition.class) public abstract class AbstractX509AuthenticationTest { private static final String KEYSTORE_PASSWORD = "test"; - protected abstract MongoClient createMongoClient(MongoClientSettings mongoClientSettings); - protected AbstractX509AuthenticationTest() { - assumeTrue(isX509TestsEnabled(), "X509 authentication tests are disabled"); - } - private static Stream shouldAuthenticateWithClientCertificate() throws Exception { String keystoreFileName = "existing_user.p12"; return getArgumentForKeystore(keystoreFileName); @@ -148,7 +147,7 @@ private static KeyManagerFactory getKeyManagerFactory(final String keystoreFileN } private static boolean isX509TestsEnabled() { - return Boolean.parseBoolean(System.getProperty("org.mongodb.test.x509.auth")); + return Boolean.parseBoolean(System.getProperty("org.mongodb.test.x509.auth.enabled")); } private static String getKeystoreLocation() { @@ -164,4 +163,20 @@ private static void verifyX509AuthenticationIsRequired(final MongoClientSettings com.mongodb.assertions.Assertions.assertNotNull(mongoClientSettingsBuilder.build().getCredential()) .getAuthenticationMechanism() == MONGODB_X509); } -} + + /* + This condition allows to skip initialization of method sources and test execution. + - @EnableIf on the class, assumeTrue in the constructor - do not block method source initialization. + - assumeTrue in the static block - fails the test. + */ + public static class X509AuthenticationPropertyCondition implements ExecutionCondition { + @Override + public ConditionEvaluationResult evaluateExecutionCondition(final ExtensionContext context) { + if (isX509TestsEnabled()) { + return ConditionEvaluationResult.enabled("Test is enabled because x509 auth configuration exists"); + } else { + return ConditionEvaluationResult.disabled("Test is disabled because x509 auth configuration is missing"); + } + } + } +} \ No newline at end of file From da96e3f0e0236ae80576dd6d8aaa307a673e6787 Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 19:57:36 -0700 Subject: [PATCH 4/6] Fix checkstyle. --- .../mongodb/client/auth/AbstractX509AuthenticationTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java index dcc80a3c6f..1b06ab5dc0 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -155,7 +155,7 @@ private static String getKeystoreLocation() { } /** - * The connection string is sourced from an environment variable (Secret Storage). + * The connection string is sourced from an environment variable populated from Secret Storage. * We verify it still requires X.509 authentication before running these tests to ensure correctness. */ private static void verifyX509AuthenticationIsRequired(final MongoClientSettings.Builder mongoClientSettingsBuilder) { @@ -179,4 +179,4 @@ public ConditionEvaluationResult evaluateExecutionCondition(final ExtensionConte } } } -} \ No newline at end of file +} From 75b7dc433094648febbb7c522426653060676d19 Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 19:59:28 -0700 Subject: [PATCH 5/6] Change javadoc. --- .../mongodb/client/auth/AbstractX509AuthenticationTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java index 1b06ab5dc0..9f02d2b562 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -156,7 +156,7 @@ private static String getKeystoreLocation() { /** * The connection string is sourced from an environment variable populated from Secret Storage. - * We verify it still requires X.509 authentication before running these tests to ensure correctness. + * We verify it still requires X.509 authentication before running these tests to ensure test invariants. */ private static void verifyX509AuthenticationIsRequired(final MongoClientSettings.Builder mongoClientSettingsBuilder) { com.mongodb.assertions.Assertions.assertTrue( @@ -164,11 +164,11 @@ private static void verifyX509AuthenticationIsRequired(final MongoClientSettings .getAuthenticationMechanism() == MONGODB_X509); } - /* + /** This condition allows to skip initialization of method sources and test execution. - @EnableIf on the class, assumeTrue in the constructor - do not block method source initialization. - assumeTrue in the static block - fails the test. - */ + **/ public static class X509AuthenticationPropertyCondition implements ExecutionCondition { @Override public ConditionEvaluationResult evaluateExecutionCondition(final ExtensionContext context) { From 222541cd92f8a7c2cf96d4297b51569b3c0d91c3 Mon Sep 17 00:00:00 2001 From: "slav.babanin" Date: Sun, 20 Jul 2025 20:00:36 -0700 Subject: [PATCH 6/6] Move method down. --- .../client/auth/AbstractX509AuthenticationTest.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java index 9f02d2b562..0d003210f3 100644 --- a/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java +++ b/driver-sync/src/test/functional/com/mongodb/client/auth/AbstractX509AuthenticationTest.java @@ -146,10 +146,6 @@ private static KeyManagerFactory getKeyManagerFactory(final String keystoreFileN return keyManagerFactory; } - private static boolean isX509TestsEnabled() { - return Boolean.parseBoolean(System.getProperty("org.mongodb.test.x509.auth.enabled")); - } - private static String getKeystoreLocation() { return System.getProperty("org.mongodb.test.x509.auth.keystore.location"); } @@ -179,4 +175,8 @@ public ConditionEvaluationResult evaluateExecutionCondition(final ExtensionConte } } } + + private static boolean isX509TestsEnabled() { + return Boolean.parseBoolean(System.getProperty("org.mongodb.test.x509.auth.enabled")); + } }