[Webtest] Re: webtest cannot handle the lack of a secure certificate in our test environment

Mon, 11 Dec 2006 00:21:23 -0800 

Hi,
as far as I understand it, you have to add the certificate of your webpage to your keystore of trusted certificates. 
This goes something like this:

use IE to save the certificate as DER encoded X.509 certificate
use the java keytool to import it in a keystore:

keytool -import -v -trustcacerts -file <the exported certificate file>
 -keystore trust.keystore -alias <unique alias for the certificate>

tell webtest to use this keystore:

<property name="webtest.connectioninitializer"
 value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer" />
<property name="webtest.truststore.file" value="certs/<your keystore file>" /> <property name="webtest.truststore.passphrase" value="<password for the keystore" />
This works! But make sure that you get the path to your files etc. right, because the error messages you get when something is wrong will not really be helpfull :-( 

Best Regards,
Ralf

John and Pip wrote:

Hi All,
I am testing a secure website, and have not problem in the production system, hitting and logging into https://registration.airnewzealand.com/spr/login/login.jsp <https://registration.airnewzealand.com/spr/login/login.jsp>
However, in our test environment, if you access this page in IE you see a popup saying "Unable to verify the identity of registration.airnewzealand.com <http://registration.airnewzealand.com> as a trusted site." etc etc.
When I try to log in on this page in the test environment (by using a proxy) using the following code: 

<?xml version="1.0"?>
<!DOCTYPE project SYSTEM " WebTest.dtd">
<project name="OLH" basedir="." default="main">
    <property name="webtest.home" location="..\.."/>
    <import file="${ webtest.home}/lib/taskdef.xml"/>
    <target name="main">
<setproxy proxyhost="10.16.32.33 <http://10.16.32.33>" proxyport="4005" /> <!-- set to FT3 direct proxy --> <webtest name="ISIS SFF NZ Search"> 
<config
                host="any"
                port="1234"
                protocol="http"
                basepath=""
                summary="true"
                saveresponse="true"
                resultpath="..\webtest-results"
                resultfile="results.xml"
                showhtmlparseroutput="false"
                autorefresh="true"
                haltonfailure="false"
                timeout="120">
                <option name="RedirectEnabled" value="true" />
                <header name="User-Agent" value="WebTest" />
</config>
            <steps>
                   <groovy>
                       def logFile = new File('./webtest.log')
                    logFile.append("\nTest Start\n")
                    logFile.append(step.context.webClient.toString())
                      logFile.append("\nTest End\n")
                   </groovy>
<invoke url="https://registration.airnewzealand.com/spr/login/login.jsp"/> <!-- This fails with a "connection timed out error. It also fails in this format: https://registration.airnewzealand.com/spr?login?login.jsp --> <verifyTitle text="Air New Zealand - My Account"/> 
                <verifyText text="Login"/>
                <setInputField name="username" value="966594"/>
<setInputField name="password" value="password01"/> <!-- Qual value --> <clickButton description="Click image button: " name="image"/> 
                <verifyTitle text="Air New Zealand - My Airpoints Account"/>
<verifyText text="My Airpoints Account"/> </steps> 
        </webtest>
    </target>
</project>

I get:

C:\WebTest\doc\ISIS>webtest -debug -f testFT3.xml  > out.txt

BUILD FAILED
C:\WebTest\doc\ISIS\testFT3.xml:8: Canoo Webtest: R_1438.
Test failed.
Exception raised: com.canoo.webtest.engine.StepExecutionException: Unexpected ex ception caught: javax.net.ssl.SSLHandshakeException: sun.security.validator.Vali datorException: PKIX path building failed: sun.security.provider.certpath.SunCer tPathBuilderException: unable to find valid certification path to requested targ et, Step: InvokePage at C:\WebTest\doc\ISIS\testFT3.xml:32: with (taskName="inv oke")com.canoo.webtest.engine.StepExecutionException: Unexpected exception caugh t: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptio n: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target, Step: Inv 
okePage at C:\WebTest\doc\ISIS\testFT3.xml:32:  with (taskName="invoke")
at com.canoo.webtest.steps.Step.handleUnexpectedException(Step.java:413) 

[rest of the stack below if you are interested]

and the relevant bit of the webtest debug output is:

Build sequence for target(s) `main' is [main]
Complete build sequence is [main, ]

main:
 [setproxy] Setting proxy to 10.16.32.33:4005 <http://10.16.32.33:4005>
Setting project property: webtest.version -> Canoo Webtest: R_1438.
Adding reference: ant.PropertyHelper
Adding reference: ant.PropertyHelper
[Fatal Error] :-1:-1: Premature end of file.
A developer here has passed on this code to work around a similar problem in httpunit: 

  private static void trustAll()
  {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() 
    {

      public java.security.cert.X509Certificate [] getAcceptedIssuers()
      {
        return null;
      }
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) 
      {
      }
public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) 
      {
      }
    } };

    HostnameVerifier hostnameVerifier = new HostnameVerifier()
    {
      public boolean verify(String rserver, SSLSession sses)
      {

        if (!rserver.equals(sses.getPeerHost()))
        {
          if (!warnedCertificates.contains(sses.getPeerHost()))
          {
            warnedCertificates.add(sses.getPeerHost());
log.warn("certificate <" + sses.getPeerHost() + "> does not match host <" + rserver + ">"); 
          }
        }

        return true;
      }
    };
Unfortunately I do not have access to him to work on htmlunit if in fact there is a similar issue there, and I am not a java developer so don't fancy my chances messing with the htmlunit internals.
Can anyone confirm whether this is a defect (limitation?) in htmlunit, and whether I should open an issue, and hopefully a solution so I can continue writing my webtests? Thanks. 

regards,
        John
at com.canoo.webtest.steps.AbstractBrowserAction.handleUnexpectedExcepti 
on(AbstractBrowserAction.java:120)
at com.canoo.webtest.steps.request.TargetHelper.protectedGoto (TargetHelp 
er.java:115)
at com.canoo.webtest.steps.request.AbstractTargetAction.gotoTarget(Abstr 
actTargetAction.java:106)
at com.canoo.webtest.steps.request.AbstractTargetAction.doExecute(Abstra 
ctTargetAction.java:78)
        at com.canoo.webtest.steps.Step.execute(Step.java:106)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) 
        at org.apache.tools.ant.Task.perform (Task.java:364)
at com.canoo.webtest.ant.TestStepSequence.executeSteps(TestStepSequence. 
java:43)
at com.canoo.webtest.ant.TestStepSequence.doExecute(TestStepSequence.jav 
a:31)
        at com.canoo.webtest.steps.Step.execute (Step.java:106)
        at org.apache.tools.ant.Task.perform(Task.java:364)
        at com.canoo.webtest.ant.WebtestTask.execute(WebtestTask.java:164)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java :275) 
        at org.apache.tools.ant.Task.perform(Task.java:364)
        at org.apache.tools.ant.Target.execute(Target.java:341)
        at org.apache.tools.ant.Target.performTasks(Target.java:369)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) 
        at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExe 
cutor.java:40)
        at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
        at org.apache.tools.ant.Main.runBuild(Main.java:668)
        at org.apache.tools.ant.Main.startAnt(Main.java:187)
        at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
        at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException (Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 
476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien 
tHandshaker.java:847)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa 
ndshaker.java :106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:4 
95)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav 
a:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (SSLSocketImpl.j 
ava:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS 
LSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl. 
java:619)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.ja 
va:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65 
)
at java.io.BufferedOutputStream.flush (BufferedOutputStream.java:123) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream 
(HttpConnection.java:827)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$Http 
ConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.ja
va:1525)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodB 
ase.java:1975)
at org.apache.commons.httpclient.HttpMethodBase.execute (HttpMethodBase.j 
ava:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Htt 
pMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMe 
thodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.jav 
a:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.jav 
a:346)
at com.gargoylesoftware.htmlunit.HttpWebConnection.getResponse(HttpWebCo 
nnection.java:126)
at com.gargoylesoftware.htmlunit.WebClient.loadWebResponseFromWebConnect 
ion(WebClient.java:1371)
at com.gargoylesoftware.htmlunit.WebClient.loadWebResponse (WebClient.jav 
a:1329)
at com.gargoylesoftware.htmlunit.WebClient.getPage(WebClient.java:322) at com.gargoylesoftware.htmlunit.WebClient.getPage(WebClient.java:389) at com.canoo.webtest.steps.request.TargetHelper.getResponse (TargetHelper 
.java:69)
at com.canoo.webtest.steps.request.AbstractTargetAction.getResponse(Abst 
ractTargetAction.java:68)
at com.canoo.webtest.steps.request.InvokePage.findTarget(InvokePage.java 
:134)
at com.canoo.webtest.steps.request.AbstractTargetAction$1.call(AbstractT 
argetAction.java:108)
at com.canoo.webtest.steps.request.TargetHelper.protectedGoto(TargetHelp 
er.java:88)
        ... 22 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali 
d certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav 
a:145)
        at sun.security.validator.Validator.validate (Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( 
X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted ( 
SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien 
tHandshaker.java:840)
        ... 49 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException : unable to 
 find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert 
PathBuilder.java:236)
at java.security.cert.CertPathBuilder.build (CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) 
        ... 54 more
at com.canoo.webtest.ant.WebtestTask.stopBuildIfNeeded(WebtestTask.java: 
228)
        at com.canoo.webtest.ant.WebtestTask.execute(WebtestTask.java:175)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) 
        at org.apache.tools.ant.Task.perform(Task.java :364)
        at org.apache.tools.ant.Target.execute(Target.java:341)
        at org.apache.tools.ant.Target.performTasks(Target.java:369)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java :1216) 
        at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExe 
cutor.java:40)
        at org.apache.tools.ant.Project.executeTargets (Project.java:1068)
        at org.apache.tools.ant.Main.runBuild(Main.java:668)
        at org.apache.tools.ant.Main.startAnt(Main.java:187)
        at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
        at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)

Total time: 4 seconds

C:\WebTest\doc\ISIS>
Incidentally, the above has the test environment password which is different to the production one so you can't run it against the public page. 

_______________________________________________
WebTest mailing list
[email protected]
http://lists.canoo.com/mailman/listinfo/webtest

Reply via email to