SolaceProducts · rudraneel-chakraborty · Nov 6, 2025 · Oct 22, 2025 · Oct 22, 2025 · Nov 3, 2025
diff --git a/...nt/agent/webProxy/VMRPropertiesTests.java → ...ent/plugin/config/VMRPropertiesTests.java b/...nt/agent/webProxy/VMRPropertiesTests.java → ...ent/plugin/config/VMRPropertiesTests.java
@@ -1,9 +1,8 @@
-package com.solace.maas.ep.event.management.agent.webProxy;
+package com.solace.maas.ep.event.management.agent.plugin.config;
 
-import com.solace.maas.ep.event.management.agent.plugin.config.VMRProperties;
 import com.solace.maas.ep.event.management.agent.plugin.config.eventPortal.EventPortalPluginProperties;
-import com.solace.maas.ep.event.management.agent.plugin.config.eventPortal.GatewayProperties;
 import com.solace.maas.ep.event.management.agent.plugin.config.eventPortal.GatewayMessagingProperties;
+import com.solace.maas.ep.event.management.agent.plugin.config.eventPortal.GatewayProperties;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceConnectionProperties;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceUsersProperties;
 import lombok.SneakyThrows;
@@ -22,6 +21,11 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 @ActiveProfiles("TEST")
@@ -256,4 +260,38 @@ void testNoGatewayConnectionProperties() {
                 .hasCauseExactlyInstanceOf(NoSuchElementException.class)
                 .hasRootCauseMessage("Event Portal gateway connection properties not found.");
     }
+
+    @Test
+    @SneakyThrows
+    void testSetDefaultTrustStoreCalledWhenCustomCaCertsPresent() {
+        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is called
+        VMRProperties spyVmrProperties = spy(vmrProperties);
+        when(spyVmrProperties.isCustomCACertConfigured()).thenReturn(true);
+        doNothing().when(spyVmrProperties).setDefaultTrustStore(any(Properties.class));
+
+        MessagingServiceConnectionProperties connectionProps = createConnectionProperties(false, null, null, null, null, null);
+        when(gatewayMessagingProperties.getConnections()).thenReturn(Collections.singletonList(connectionProps));
+
+        spyVmrProperties.getVmrProperties();
+
+        // Verify setDefaultTrustStore was called
+        verify(spyVmrProperties).setDefaultTrustStore(any(Properties.class));
+    }
+
+    @Test
+    @SneakyThrows
+    void testSetDefaultTrustStoreNotCalledWhenCustomCaCertsNotPresent() {
+        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is NOT called
-        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is NOT called
+        // Spy on vmrProperties to mock isCustomCACertConfigured and verify setDefaultTrustStore is NOT called
-        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is NOT called
+        // Spy on vmrProperties to mock isCustomCACertConfigured and verify setDefaultTrustStore is NOT called
+        VMRProperties spyVmrProperties = spy(vmrProperties);
+        when(spyVmrProperties.isCustomCACertConfigured()).thenReturn(false);
+
+        MessagingServiceConnectionProperties connectionProps = createConnectionProperties(false, null, null, null, null, null);
+        when(gatewayMessagingProperties.getConnections()).thenReturn(Collections.singletonList(connectionProps));
+
+        spyVmrProperties.getVmrProperties();
+
+        // Verify setDefaultTrustStore was NOT called
+        verify(spyVmrProperties, never()).setDefaultTrustStore(any(Properties.class));
+    }
+
 }
diff --git a/.../src/main/java/com/solace/maas/ep/event/management/agent/plugin/config/VMRProperties.java b/.../src/main/java/com/solace/maas/ep/event/management/agent/plugin/config/VMRProperties.java
@@ -16,8 +16,11 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Configuration;
 
+import java.io.File;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.NoSuchElementException;
@@ -122,9 +125,51 @@ public Properties getVmrProperties() {
         properties.setProperty(SolaceProperties.AuthenticationProperties.SCHEME_BASIC_PASSWORD, password);
         properties.setProperty(SolaceProperties.ClientProperties.NAME, clientName);
 
+        //We will always use the default jks truststore for connecting to the EVMR
-        //We will always use the default jks truststore for connecting to the EVMR
+        // Explicitly configure the default JKS truststore for connecting to the EVMR only when custom CA certificates are present
-        //We will always use the default jks truststore for connecting to the EVMR
+        // Explicitly configure the default JKS truststore for connecting to the EVMR only when custom CA certificates are present
+        configureDefaultTrustStore(properties);
+
         return properties;
     }
 
+    private void configureDefaultTrustStore(Properties properties) {
+        if (properties == null) {
+            log.warn("Properties object is null");
+            return;
+        }
+
+        if (!isCustomCACertConfigured()) {
+            log.debug("Custom CA certificates not present. Skipping explicit default truststore configuration.");
+            return;
+        }
+
+        setDefaultTrustStore(properties);
+    }
+
+
+    boolean isCustomCACertConfigured() {
+        String customCaCertsPresent = System.getenv("CUSTOM_CA_CERTS_PRESENT");
+
+        return ("1".equals(customCaCertsPresent));
+    }
+
+    void setDefaultTrustStore(Properties properties) {
+        String javaHome = System.getProperty("java.home");
+        if (StringUtils.isBlank(javaHome)) {
+            log.warn("java.home system property is not set. Cannot configure default truststore for JCSMP.");
+            return;
+        }
+        Path defaultTrustStorePath = Paths.get(javaHome, "lib", "security", "cacerts");
+        File trustStoreFile = defaultTrustStorePath.toFile();
+
+        if (!trustStoreFile.exists() || !trustStoreFile.canRead()) {
+            log.warn("Default truststore not found or not readable at: {}. JCSMP connection may fail.", defaultTrustStorePath);
+            return;
+        }
+
+        log.debug("Custom CA certificates present. Explicitly configuring EVMR connection to use default truststore: {}", defaultTrustStorePath);
+        properties.setProperty(SolaceProperties.TransportLayerSecurityProperties.TRUST_STORE_PATH, defaultTrustStorePath.toString());
+    }
+
     public List<String> getRTOSessionProperties() {
         parseVmrProperties();