mock-server / mockserver

MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
http://mock-server.com
Apache License 2.0

Cannot configure mTLS Server as MockServerClient receives 426 #1730

Closed space88man closed 1 year ago

space88man commented 1 year ago

Describe the issue

After starting an mTLS ClientAndServer, the first when(...) rule causes ClientException termination with

10:18:42.262 [MockServer-EventLog0] INFO  org.mockserver.log.MockServerEventLog - no tls for connection:

  /127.0.0.1:12350

 returning response:

  {
    "statusCode" : 426,
    "headers" : {
      "Upgrade" : [ "TLS/1.2, HTTP/1.1" ],
      "Connection" : [ "Upgrade" ]
    }
  }

What you are trying to do

MockServer version

mockserver-netty, mockserver-client-java: 5.15.0

To Reproduce

    import java.util.concurrent.TimeUnit;
    import org.junit.jupiter.api.BeforeAll;
    import org.mockserver.configuration.ConfigurationProperties;
    import org.mockserver.integration.ClientAndServer;
    import static org.mockserver.model.HttpRequest.request;
    import static org.mockserver.model.HttpResponse.response;

    private static ClientAndServer mockServer;

    @BeforeAll
    static void setUp() {
        // server CA and server certificate / key
        ConfigurationProperties.certificateAuthorityCertificate("keys/server-subca.crt");
        ConfigurationProperties.certificateAuthorityPrivateKey("keys/server-subca.key");
        ConfigurationProperties.x509CertificatePath("keys/server-server.crt");
        ConfigurationProperties.privateKeyPath("keys/server-server.key");

        // require client certificates on inbound connections
        ConfigurationProperties.tlsMutualAuthenticationRequired(true);
        ConfigurationProperties.tlsMutualAuthenticationCertificateChain("keys/server-truststore.pem");

        // outbound TLS not needed
        // ConfigurationProperties.forwardProxyTLSCustomTrustX509Certificates
        // ConfigurationProperties.forwardProxyCertificateChain
        // ConfigurationProperties.forwardProxyPrivateKey

        // now server will start and can be connected to by openssl s_client
        mockServer = ClientAndServer.startClientAndServer(12350);

        // this rule causes an error
        mockServer.when(request().withMethod("GET").withPath("/api/any/test"))
            .respond(response().withStatusCode(200).withDelay(TimeUnit.MILLISECONDS, 100)
                .withHeader("Content-Type", "application/json").withBody("{\"status\":\"test OK\"}"));
    }

  1. How you are running MockServer (i.e. maven plugin, docker, etc.): Java code in JUnit @BeforeAll
  2. Code you used to create expectations: see above
  3. What error you saw: Creating the expectation causes 426

Expected behaviour

Configure ClientAndServer with when(...) expectations

MockServer Log

Log output, at INFO level (or lower):

returning response:

  {
    "statusCode" : 426,
    "headers" : {
      "Upgrade" : [ "TLS/1.2, HTTP/1.1" ],
      "Connection" : [ "Upgrade" ]
    }
  }

org.mockserver.client.ClientException: error:
org.mockserver.client.ClientException: error:

  null

 while submitted expectation:

  {
    "httpRequest" : {
      "method" : "GET",
      "path" : "/api/any/test",
      "secure" : true
    },
    "httpResponse" : {
      "statusCode" : 200,
      "headers" : {
        "Content-Type" : [ "application/json" ]
      },
      "body" : "{\"status\":\"test OK\"}",
      "delay" : {
        "timeUnit" : "MILLISECONDS",
        "value" : 100
      }
    },
    "id" : "f7681987-aa6c-4791-8921-ef4803f84b50",
    "priority" : 0,
    "timeToLive" : {
      "unlimited" : true
    },
    "times" : {
      "unlimited" : true
    }
  }

space88man commented 1 year ago

Closing: found the ::controlPlane* methods and the ::withSecure method in javadocs so that the MockServerClient will also use mTLS.
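
A sketch of the setup the closing comment points to, added here as an example; it is not code from the reporter or from the MockServer project. The class name and the client key/certificate paths (keys/client.key, keys/client.crt) are hypothetical, and which of the controlPlane* properties a given certificate layout needs is an assumption.

```java
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.mockserver.client.MockServerClient;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.integration.ClientAndServer;

import static org.mockserver.model.HttpRequest.request;
import static org.mockserver.model.HttpResponse.response;

class MtlsControlPlaneExample { // hypothetical class name

    private static ClientAndServer mockServer;

    @BeforeAll
    static void setUp() {
        // Server identity and inbound mTLS, same values as in the report.
        ConfigurationProperties.certificateAuthorityCertificate("keys/server-subca.crt");
        ConfigurationProperties.certificateAuthorityPrivateKey("keys/server-subca.key");
        ConfigurationProperties.x509CertificatePath("keys/server-server.crt");
        ConfigurationProperties.privateKeyPath("keys/server-server.key");
        ConfigurationProperties.tlsMutualAuthenticationRequired(true);
        ConfigurationProperties.tlsMutualAuthenticationCertificateChain("keys/server-truststore.pem");

        // Identity the MockServerClient presents on control-plane calls
        // (creating expectations). Assumed files: a key pair whose certificate
        // chains to a CA listed in keys/server-truststore.pem.
        ConfigurationProperties.controlPlanePrivateKeyPath("keys/client.key");
        ConfigurationProperties.controlPlaneX509CertificatePath("keys/client.crt");

        mockServer = ClientAndServer.startClientAndServer(12350);

        // Have the embedded client connect over TLS; the 426 in the report
        // was logged as "no tls for connection".
        MockServerClient client = mockServer.withSecure(true);

        client.when(request().withMethod("GET").withPath("/api/any/test"))
            .respond(response().withStatusCode(200)
                .withHeader("Content-Type", "application/json")
                .withBody("{\"status\":\"test OK\"}"));
    }

    @AfterAll
    static void tearDown() {
        mockServer.stop();
    }
}
```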