Closed GoogleCodeExporter closed 8 years ago
Thanks for reporting. I'm not quite sure how to fix this. If you have any ideas
please let us know.
Original comment by johan.ha...@gmail.com
on 12 Nov 2012 at 8:18
I've managed to get this to work. You have to create an SSLSocketFactory with
both a keystore and a truststore. I added this method to AuthConfig:

    public void certificate( String certURL, String password, String trustURL, String trustPassword )
            throws GeneralSecurityException, IOException {
        // Keystore: the client certificate and private key presented to the server
        KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        InputStream jksStream = new URL(certURL).openStream();
        try {
            keyStore.load( jksStream, password.toCharArray() );
        } finally { jksStream.close(); }

        // Truststore: the certificates used to validate the server
        KeyStore trustStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        jksStream = new URL(trustURL).openStream();
        try {
            trustStore.load( jksStream, trustPassword.toCharArray() );
        } finally { jksStream.close(); }

        // Both stores go into one socket factory; strict hostname verification stays on
        SSLSocketFactory ssl = new SSLSocketFactory(keyStore, password, trustStore);
        ssl.setHostnameVerifier( SSLSocketFactory.STRICT_HOSTNAME_VERIFIER );
        builder.getClient().getConnectionManager().getSchemeRegistry()
                .register( new Scheme("https", ssl, 443) );
    }

I now changed the beforeClass() method like this:

    @BeforeClass
    public static void beforeClass() throws Exception {
        final CertAuthWithTrustStoreScheme scheme = new CertAuthWithTrustStoreScheme();
        scheme.setCertURL(AbstractExternalServicesFunctionalTestCase.class.getClassLoader().getResource("client.jks").toString());
        scheme.setPassword("xdr537");
        scheme.setTrustURL(AbstractExternalServicesFunctionalTestCase.class.getClassLoader().getResource("trust.jks").toString());
        scheme.setTrustPassword("changeit");
        RestAssured.authentication = scheme;
        RestAssured.baseURI = "https://localhost/";
        RestAssured.port = 443;
    }

The best would be if you could use the keystore set by RestAssured.keystore(),
but I didn't find a way to do that...
Original comment by henrik.k...@gmail.com
on 21 Nov 2012 at 5:33
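
The split between the two stores described in the comment above, shown with plain JSSE as an added example (not part of the original comment and not Rest Assured's own code): the keystore supplies the client certificate, the truststore decides which server certificates are accepted. The class name, the argument order and the KEYSTORE_PASS / TRUSTSTORE_PASS environment variables are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext {

    // Load a store of the given type ("PKCS12", "JKS") from a file.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    // Key managers present the client certificate; trust managers decide
    // which server certificates are accepted. Both must be supplied.
    static SSLContext build(KeyStore clientKeys, char[] keyPassword, KeyStore trusted)
            throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    // Assumed usage: MutualTlsContext clientcert.p12 truststore.jks https://localhost:8443/
    // Passwords come from the (assumed) KEYSTORE_PASS and TRUSTSTORE_PASS variables.
    public static void main(String[] args) throws Exception {
        char[] keyPass = System.getenv("KEYSTORE_PASS").toCharArray();
        char[] trustPass = System.getenv("TRUSTSTORE_PASS").toCharArray();
        KeyStore keys = load(args[0], "PKCS12", keyPass);
        KeyStore trust = load(args[1], "JKS", trustPass);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(build(keys, keyPass, trust).getSocketFactory());
        // The default HostnameVerifier is left in place, so the host name is still checked.
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

If the truststore does not contain the issuer of the server's certificate, the handshake fails instead of silently accepting the peer, which is the behaviour a functional test for certificate authentication should keep.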
Thanks a lot for your help! I'll look into your code as soon as I find some
time.
Original comment by johan.ha...@gmail.com
on 22 Nov 2012 at 8:57
I've looked into this briefly. I think there may be some overlap with the new
AuthConfig method and features that are already available in Rest Assured. Have a
look at Rest Assured.setKeystore and you'll find the similarities if you dig
further into the code (see KeystoreSpecImpl). What may be missing is the
possibility to set a trust url. Perhaps that's what's missing and in that case we
wouldn't need a new auth config method?
Original comment by johan.ha...@gmail.com
on 28 Nov 2012 at 7:29
You already have an overlap then using the current AuthConfig.certificate()
method because the SSLSocketFactory created by KeystoreSpecImpl isn't used if
RestAssured.authentication is set to CertAuthScheme. If you extend
KeystoreSpecImpl to set both cert and trust store, I think you should remove
AuthConfig.certificate() and CertAuthScheme so this only can be configured in
one way.
But I think the best solution would be to set the trust store as today with
RestAssured.setKeyStore() (maybe renamed to setTruststore()) and make
AuthConfig look if a keystore is set by setKeyStore() and use it when creating
the SSLSocketFactory.
I also found that the port is hardcoded in AuthConfig.certificate() to 443.
Shouldn't this be read from RestAssured.port?
Original comment by henrik.k...@gmail.com
on 23 Jan 2013 at 1:42
I'm really really busy right now and it would be really helpful if you would
like to help out by creating a pull request at github for this.
It sounds very strange that the port should not be hard-coded, that's probably
a bug as well.
Original comment by johan.ha...@gmail.com
on 23 Jan 2013 at 2:06
Some links:
http://stackoverflow.com/questions/7256955/java-sslexception-hostname-in-certificate-didnt-match
http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html
http://tech.chitgoks.com/2011/04/24/how-to-avoid-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-problem-using-apache-httpclient/
Original comment by johan.ha...@gmail.com
on 19 Mar 2013 at 7:17
Thanks to Ian Forsey this should now be fixed:

    RequestSpecBuilder request = ...
    request.setKeystore("truststore.jks", "password");
    CertAuthScheme scheme = new CertAuthScheme();
    scheme.setCertURL("clientcert.p12");
    scheme.setCertType("pkcs12");
    scheme.setPassword("password");
    scheme.setPort(8443);
    request.setAuthentication(scheme);

Original comment by johan.ha...@gmail.com
on 23 Apr 2013 at 5:39
You can also do:

    given().auth().certificate("clientcert.p12", "password", "pkcs12", 8443, scheme). ..

Original comment by johan.ha...@gmail.com
on 23 Apr 2013 at 6:06
That should be given().auth().certificate("clientcert.p12", "password",
"pkcs12", 8443, trustStore)
Original comment by johan.ha...@gmail.com
on 23 Apr 2013 at 6:09
Great! When will this be available in a released version?
I also saw that the default port in CertAuthScheme was 433 instead of 443...
Original comment by henrik.k...@gmail.com
on 8 May 2013 at 8:46
Thanks for pointing out, I've changed it to 443.
I don't know when the release will be available in Maven central but I've
published a new snapshot version to Sonatype if you want to try it out. Depend
on version 1.8.1-SNAPSHOT after having added the following maven repo:

    <repositories>
        <repository>
            <id>sonatype</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots />
        </repository>
    </repositories>

Original comment by johan.ha...@gmail.com
on 8 May 2013 at 1:10
Original comment by johan.ha...@gmail.com
on 8 May 2013 at 1:11
Original issue reported on code.google.com by
henrik.k...@gmail.com
on 12 Nov 2012 at 10:49