MQTTS test simplified by using a default trusted ca-certificates by Java. This approach requires no craft for JKS file

Author: smatvienko-tb

src/main/java/org/thingsboard/tools/service/shared/BaseMqttAPITest.java

@@ -21,12 +21,14 @@
 import io.netty.handler.codec.mqtt.MqttQoS;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
 import io.netty.util.concurrent.Future;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.thingsboard.mqtt.MqttClient;
 import org.thingsboard.mqtt.MqttClientConfig;
 import org.thingsboard.mqtt.MqttConnectResult;
+import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.tools.service.mqtt.DeviceClient;
 import org.thingsboard.tools.service.msg.Msg;
 
@@ -195,19 +197,26 @@ private MqttClient initClient(String token) throws Exception {
 
     private SslContext getSslContext() {
         if (mqttSslEnabled) {
+            if (StringUtils.isNotBlank(mqttSslKeyStore)) {
+                try {
+                    TrustManagerFactory trustFact = TrustManagerFactory.getInstance("SunX509");
+                    KeyStore trustStore = KeyStore.getInstance("JKS");
+                    FileInputStream stream = new FileInputStream(mqttSslKeyStore);
+                    trustStore.load(stream, mqttSslKeyStorePassword.toCharArray());
+                    trustFact.init(trustStore);
+                    return SslContextBuilder.forClient().trustManager(trustFact).build();
+                } catch (Exception e) {
+                    log.warn("Error while initializing SSL context for keystore [{}]. Will try default SSLContext", mqttSslKeyStore, e);
+                }
+            }
+
             try {
-                TrustManagerFactory trustFact = TrustManagerFactory.getInstance("SunX509");
-                KeyStore trustStore = KeyStore.getInstance("JKS");
-                FileInputStream stream = new FileInputStream(mqttSslKeyStore);
-                trustStore.load(stream, mqttSslKeyStorePassword.toCharArray());
-                trustFact.init(trustStore);
-                return SslContextBuilder.forClient().trustManager(trustFact).build();
+                return SslContextBuilder.forClient().sslProvider(SslProvider.JDK).build();
             } catch (Exception e) {
-                throw new RuntimeException("Exception while creating SslContext", e);
+                throw new RuntimeException("Error while initializing default SSL context", e);
             }
-        } else {
-            return null;
         }
+        return null;
     }
 
     protected void reportMqttClientsStats() {

src/main/resources/tb-ce-performance-tests.yml

@@ -35,16 +35,20 @@ endpoints:
 
 rest:
   connect_server: "${REST_CONNECT_SERVER:true}"
+  # Http or https. Port can be omitted. Use the same web link as you usually login with your browser
   url: "${REST_URL:http://localhost:8080}"
   username: "${REST_USERNAME:tenant@thingsboard.org}"
   password: "${REST_PASSWORD:tenant}"
   pool_size: "${REST_POOL_SIZE:4}"
 mqtt:
+  # For MQTT use hostname or IP. For MQTTS use only hostname
   host: "${MQTT_HOST:localhost}"
+  # Usually 1883 for MQTT or 8883 for MQTTS
   port: "${MQTT_PORT:1883}"
   ssl:
     enabled: "${MQTT_SSL_ENABLED:false}"
-    key_store: "${MQTT_SSL_KEY_STORE:mqttclient.jks}"
+    # Java keystore file mqttclient.jks. If not set, it will use a default trusted certs for Java like ca-certificates pre-installed. Use custom JKS truststore only to deal with self-managed certificates
+    key_store: "${MQTT_SSL_KEY_STORE:}"
     key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:password}"
 lwm2m:
   recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"