Removed extra md files, added description in Readme and made solution Thread safe

agrja-rastogi-okta · agrja-rastogi-okta · commit a6a00e7580ad · 2026-01-17T10:12:41.000+05:30
diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@
     * [Thread safety considerations](#thread-safety-considerations)
 * [Spring Support](#spring-support)
 * [Configuration reference](#configuration-reference)
+* [WireMock Integration Testing](#wiremock-integration-testing)
 * [Building the SDK](#building-the-sdk)
 * [Contributing](#contributing)
 
@@ -803,8 +804,211 @@ ApiClient client = Clients.builder()
 ```
 [//]: # (end: disableCaching)
 
+## WireMock Integration Testing
+
+### Overview
+
+WireMock enables testing with the Okta Java SDK by providing a mock HTTP server that simulates Okta's API endpoints over HTTPS. This eliminates the need to hit actual Okta servers during development and testing, removing rate limit concerns and enabling rapid iteration.
+
+### Problem
+
+The Okta SDK requires HTTPS connections, and when using WireMock with self-signed certificates, the SDK's HTTP client must be configured to trust the mock server's certificate. This section demonstrates the complete setup.
+
+### Solution Architecture
+
+The solution consists of three components:
+
+1. **Self-Signed Certificate Generation**: Automatically generates a JKS keystore with a self-signed certificate
+2. **WireMock HTTPS Configuration**: Configures WireMock server to use the certificate
+3. **Custom SSL Context**: Configures the Okta SDK's HTTP client to trust the certificate
+
+### Implementation
+
+#### Step 1: Automatic Certificate Generation
+
+The test setup automatically generates a self-signed certificate on first run:
+
+```java
+String keystorePath = Paths.get(KEYSTORE_PATH).toAbsolutePath().toString();
+java.io.File keystoreFile = new java.io.File(keystorePath);
+if (!keystoreFile.exists()) {
+    ProcessBuilder pb = new ProcessBuilder(
+        "keytool", "-genkey", "-alias", "wiremock", "-keyalg", "RSA",
+        "-keystore", keystorePath,
+        "-storepass", "password", "-keypass", "password",
+        "-dname", "CN=localhost", "-validity", "365", "-noprompt"
+    );
+    int exitCode = pb.start().waitFor();
+    if (exitCode != 0) {
+        throw new RuntimeException("Failed to generate WireMock keystore");
+    }
+}
+```
+
+The certificate is generated once and reused for subsequent test runs. The `.gitignore` file excludes the keystore from version control to maintain security best practices.
+
+#### Step 2: Configure WireMock Server
+
+Start WireMock on HTTPS port 8443 using the generated certificate:
+
+```java
+wireMockServer = new WireMockServer(
+    WireMockConfiguration.wireMockConfig()
+        .httpsPort(8443)
+        .keystorePath(keystorePath)
+        .keystorePassword("password")
+);
+wireMockServer.start();
+```
+
+#### Step 3: Create Custom SSL Context
+
+Load the keystore and configure an SSL context that trusts the self-signed certificate:
+
+```java
+KeyStore trustStore = KeyStore.getInstance("JKS");
+try (FileInputStream fis = new FileInputStream(keystorePath)) {
+    trustStore.load(fis, "password".toCharArray());
+}
+
+TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+    TrustManagerFactory.getDefaultAlgorithm());
+tmf.init(trustStore);
+
+SSLContext sslContext = SSLContext.getInstance("TLS");
+sslContext.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
+```
+
+#### Step 4: Configure HTTP Client with Custom SSL Context
+
+Create the HTTP client with dynamic port allocation for thread safety:
+
+```java
+// Find an available port for thread-safe parallel execution
+ServerSocket socket = new ServerSocket(0);
+int wiremockPort = socket.getLocalPort();
+socket.close();
+
+org.apache.hc.client5.http.impl.classic.CloseableHttpClient httpClient = 
+    HttpClients.custom()
+        .setConnectionManager(
+            PoolingHttpClientConnectionManagerBuilder.create()
+                .setSSLSocketFactory(
+                    new org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory(sslContext)
+                )
+                .build()
+        )
+        .build();
+```
+
+#### Step 5: Create Okta API Client
+
+Instantiate the API client with the custom HTTP client:
+
+```java
+client = new ApiClient(httpClient, new com.okta.sdk.impl.cache.DisabledCacheManager());
+client.setBasePath("https://localhost:" + wiremockPort);
+
+userApi = new UserApi(client);
+```
+
+### Usage Example
+
+Define API endpoint mocks using WireMock's stubFor pattern:
+
+```java
+@Test
+public void testGetUser() throws ApiException {
+    String userId = "00ub0oNGTSWTBKOLGLHN";
+    
+    stubFor(get(urlEqualTo("/api/v1/users/" + userId))
+        .willReturn(aResponse()
+            .withStatus(200)
+            .withHeader("Content-Type", "application/json")
+            .withBody("{" +
+                "\"id\":\"" + userId + "\"," +
+                "\"status\":\"ACTIVE\"," +
+                "\"profile\":{" +
+                    "\"email\":\"user@example.com\"" +
+                "}" +
+            "}")
+        ));
+
+    User user = userApi.getUser(userId, null, null);
+    
+    assertNotNull(user);
+    assertEquals(userId, user.getId());
+    assertEquals("ACTIVE", user.getStatus().toString());
+}
+```
+
+### Thread Safety
+
+The implementation uses dynamic port allocation to ensure thread-safe parallel test execution:
+
+```java
+ServerSocket socket = new ServerSocket(0);  // OS assigns available port
+int wiremockPort = socket.getLocalPort();
+socket.close();
+```
+
+This approach allows multiple test instances to run simultaneously, each with its own isolated WireMock server instance on a unique port.
+
+### Reference Implementation
+
+A complete working example is provided in `integration-tests/src/test/java/com/okta/sdk/tests/WireMockOktaClientTest.java` with test cases for:
+
+- Single user retrieval (testGetUser)
+- User list operations (testListUsers)
+- HTTPS configuration verification (testWireMockHttps)
+
+### Running the Tests
+
+Execute the integration tests with:
+
+```bash
+mvn test -Dtest=WireMockOktaClientTest -pl integration-tests
+```
+
+Expected output:
+
+```
+Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
+```
+
+### Prerequisites
+
+- Java Development Kit (JDK) 8 or later
+- Apache Maven 3.6 or later
+- keytool (included with JDK)
+
+### Troubleshooting
+
+**Port Already in Use**
+
+If port 8443 is in use, the dynamic port allocation in the current implementation automatically selects an available port. Ensure you pass the dynamically assigned port to the client configuration.
+
+**Certificate Trust Issues**
+
+Verify that the keystore file is generated and accessible:
+
+```bash
+ls -la wiremock-keystore.jks
+```
+
+If the file is missing or corrupted, delete it and run tests again to regenerate.
+
+**keytool Not Found**
+
+keytool is included with the JDK. Ensure JAVA_HOME is properly configured:
+
+```bash
+echo $JAVA_HOME
+```
+
 ## Building the SDK
 
+
 In most cases, you won't need to build the SDK from source. If you want to build it yourself, take a look at the [build instructions wiki](https://github.com/okta/okta-sdk-java/wiki/Build-It) (though just cloning the repo and running `mvn install` should get you going).
 
 > **Note**: The SDK uses a large OpenAPI specification file (~84,000 lines). If you encounter memory issues during build:
diff --git a/integration-tests/src/test/java/com/okta/sdk/tests/WireMockOktaClientTest.java b/integration-tests/src/test/java/com/okta/sdk/tests/WireMockOktaClientTest.java
@@ -40,45 +40,61 @@
 import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.assertEquals;
 
+import java.net.ServerSocket;
+
 /**
  * Integration test demonstrating WireMock + Okta SDK with HTTPS using self-signed certificates.
  * This test proves the solution works end-to-end without hitting actual Okta servers.
+ * 
+ * Thread-safe design: Uses dynamic port allocation for each test instance,
+ * allowing parallel test execution without port conflicts.
  */
 public class WireMockOktaClientTest {
 
     private WireMockServer wireMockServer;
     private ApiClient client;
     private UserApi userApi;
-    private static final int WIREMOCK_HTTPS_PORT = 8443;
-    private static final String WIREMOCK_HOST = "https://localhost:" + WIREMOCK_HTTPS_PORT;
+    private int wireMockHttpsPort;  // Dynamic port for thread-safety
+    private String wireMockHost;     // Computed from dynamic port
     private static final String KEYSTORE_PATH = "../../wiremock-keystore.jks";  // Path from integration-tests module
     private static final String KEYSTORE_PASSWORD = "password";
+    private static final Object KEYSTORE_LOCK = new Object();  // Lock for thread-safe keystore generation
 
     @BeforeMethod
     public void setup() throws Exception {
-        // Generate WireMock keystore if it doesn't exist
+        // Generate WireMock keystore if it doesn't exist (synchronized for thread-safety)
         String keystorePath = Paths.get(KEYSTORE_PATH).toAbsolutePath().toString();
-        java.io.File keystoreFile = new java.io.File(keystorePath);
-        if (!keystoreFile.exists()) {
-            System.out.println("Generating WireMock keystore at: " + keystorePath);
-            ProcessBuilder pb = new ProcessBuilder(
-                "keytool", "-genkey", "-alias", "wiremock", "-keyalg", "RSA",
-                "-keystore", keystorePath,
-                "-storepass", KEYSTORE_PASSWORD, "-keypass", KEYSTORE_PASSWORD,
-                "-dname", "CN=localhost", "-validity", "365", "-noprompt"
-            );
-            int exitCode = pb.start().waitFor();
-            if (exitCode != 0) {
-                throw new RuntimeException("Failed to generate WireMock keystore. " +
-                    "Ensure 'keytool' is in your PATH (comes with Java)");
+        synchronized(KEYSTORE_LOCK) {
+            java.io.File keystoreFile = new java.io.File(keystorePath);
+            if (!keystoreFile.exists()) {
+                System.out.println("[Thread: " + Thread.currentThread().getName() + "] " +
+                    "Generating WireMock keystore at: " + keystorePath);
+                ProcessBuilder pb = new ProcessBuilder(
+                    "keytool", "-genkey", "-alias", "wiremock", "-keyalg", "RSA",
+                    "-keystore", keystorePath,
+                    "-storepass", KEYSTORE_PASSWORD, "-keypass", KEYSTORE_PASSWORD,
+                    "-dname", "CN=localhost", "-validity", "365", "-noprompt"
+                );
+                int exitCode = pb.start().waitFor();
+                if (exitCode != 0) {
+                    throw new RuntimeException("Failed to generate WireMock keystore. " +
+                        "Ensure 'keytool' is in your PATH (comes with Java)");
+                }
+                System.out.println("[Thread: " + Thread.currentThread().getName() + "] " +
+                    "WireMock keystore generated successfully");
             }
-            System.out.println("WireMock keystore generated successfully");
         }
 
-        // Start WireMock on HTTPS with self-signed certificate
+        // Allocate a dynamic HTTPS port for this test instance (thread-safe)
+        wireMockHttpsPort = allocateAvailablePort();
+        wireMockHost = "https://localhost:" + wireMockHttpsPort;
+        System.out.println("[Thread: " + Thread.currentThread().getName() + "] " +
+            "Using dynamic HTTPS port: " + wireMockHttpsPort);
+
+        // Start WireMock on dynamic HTTPS port with self-signed certificate
         wireMockServer = new WireMockServer(
             WireMockConfiguration.wireMockConfig()
-                .httpsPort(WIREMOCK_HTTPS_PORT)
+                .httpsPort(wireMockHttpsPort)
                 .keystorePath(KEYSTORE_PATH)
                 .keystorePassword(KEYSTORE_PASSWORD)
         );
@@ -111,11 +127,24 @@ public void setup() throws Exception {
         
         // Create ApiClient with the custom HttpClient and a disabled cache manager
         client = new ApiClient(httpClient, new com.okta.sdk.impl.cache.DisabledCacheManager());
-        client.setBasePath(WIREMOCK_HOST);
+        client.setBasePath(wireMockHost);  // Use dynamic host with dynamic port
 
         userApi = new UserApi(client);
     }
 
+    /**
+     * Allocates an available port by binding to port 0 (OS assigns available port).
+     * This ensures thread-safe, collision-free port allocation.
+     * 
+     * @return an available port number
+     * @throws Exception if port allocation fails
+     */
+    private int allocateAvailablePort() throws Exception {
+        try (ServerSocket socket = new ServerSocket(0)) {
+            return socket.getLocalPort();
+        }
+    }
+
     @AfterMethod
     public void teardown() {
         if (wireMockServer != null) {
