AppiumTestDistribution / appium-interceptor-plugin

Appium 2.0 plugin to mock api calls for android apps

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31

Open ygarg465 opened 5 months ago

ygarg465 commented 5 months ago

Describe the Issue

I have a Hybrid Application developed using CapacitorJS. I am using Appium with WebDriverIO. I am mocking the REST API in test by following the guide in this repo, however, when the request is sent by the app this exception arises in logcat:

```
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
    at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
    at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
    at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
    at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
    at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
    at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
    at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
    at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
    at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
    at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
    at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:131)
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
    at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:219)
    at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:30)
    at com.getcapacitor.plugin.util.CapacitorHttpUrlConnection.writeRequestBody(CapacitorHttpUrlConnection.java:239)
    at com.getcapacitor.plugin.util.CapacitorHttpUrlConnection.setRequestBody(CapacitorHttpUrlConnection.java:210)
    at com.getcapacitor.plugin.util.HttpRequestHandler.request(HttpRequestHandler.java:414)
    at com.getcapacitor.plugin.CapacitorHttp$1.run(CapacitorHttp.java:66)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:487)
    at java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
    at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
2024-03-25 19:13:15.169  6592-6756  Capacitor/Plugin                  E     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
    at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
    at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
```

I have also replaced the implementation of fetch and XMLHttpRequest with native implementation using Capacitor HTTP Plugin, still got no success.

How to reproduce?

  1. Create a Capacitor App.
  2. Replace the fetch and XMLHttpRequest with native implementation using Capacitor HTTP Plugin.
  3. Write a fetch request from JS Code.
  4. Follow the guide on this repo to set up appium-interceptor-plugin.
  5. Test the application.

Device Information

  * OS: Android
  * Version: API 34 (Android 14)
  * Device: Pixel 7 Pro

sudharsan-selvaraj commented 5 months ago

Looks like a security issue to me. With a little help from Google I came to know that your app needs some additional configuration to trust the certificates installed on the mobile. Also make sure you are using the debug APK build of the application.

Refer - https://stackoverflow.com/questions/48879181/how-to-add-network-security-configuration-to-enable-charles-proxy-ssl-in-nougat
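
For reference, an added example that is not part of the original thread or the plugin's own code: the kind of Android network security configuration the reply above refers to. Apps targeting API 24 or later trust only system CAs by default, which is why `NetworkSecurityTrustManager` in the trace rejects a certificate issued by a user-installed CA. The file name is the conventional one and is an assumption here.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (conventional name, assumed).
     Referenced from the <application> element of AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config". -->
<network-security-config>
    <!-- debug-overrides is honoured only when the app is built with
         android:debuggable="true", so release builds keep the default
         trust store and do not accept user-installed CAs. -->
    <debug-overrides>
        <trust-anchors>
            <!-- CAs the user installed on the device, e.g. the CA
                 certificate of the intercepting proxy used in tests -->
            <certificates src="user" />
            <!-- Keep the platform's pre-installed CAs as well -->
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

Placing the same `<trust-anchors>` under `<base-config>` instead would apply to release builds too, which is why the debug-only form is the one to use for test traffic interception.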

ygarg465 commented 5 months ago

Hey @sudharsan-selvaraj, Thanks for replying, however, the above-mentioned solution hits my server not the mocked API.

ygarg465 commented 5 months ago

Hi @sudharsan-selvaraj, did you take a look at it? As I am still struggling to achieve the desired behaviour.