search

pact-foundation / pact-jvm

JVM version of Pact. Enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for the service provider project.
https://docs.pact.io
Apache License 2.0
1.07k stars 473 forks source link

SSLHandshakeException -bad_certificate #624

Open Vlad-Olaru opened 6 years ago

Vlad-Olaru commented 6 years ago

Hello,

I've been trying to run a pact json file against our own server. With SSL disabled - a normal http connection works properly, but for now I get a SSLHandshakeException, claiming there's a bad certificate. This is the same truststore that we use in several other end to end tests and didn't have any issue with this. Any hint from where the issue might be?

           <plugin>
                <groupId>au.com.dius</groupId>
                <artifactId>pact-jvm-provider-maven_2.12</artifactId>
                <version>3.5.11</version>
                <configuration>
                    <serviceProviders>
                        <serviceProvider>
                            <name>provider1</name>
                            <protocol>https</protocol>
                            <host>###hostname###</host>
                            <port>8081</port>
                            <trustStore>src/main/resources/client-truststore.jks</trustStore>
                            <trustStorePassword>###password###</trustStorePassword>
                            <consumers>
                                <consumer>
                                    <name>consumer1</name>
                                    <pactFile>src/main/resources/pact.json</pactFile>
                                </consumer>
                            </consumers>
                        </serviceProvider>
                    </serviceProviders>
                    <pactBrokerUrl/>
                </configuration>
            </plugin>
uglyog commented 6 years ago

Could you provide the exception? That will indicate why the certificate was rejected.

Vlad-Olaru commented 6 years ago

Here is the stacktrace:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at au.com.dius.pact.provider.ProviderClient.makeRequest(ProviderClient.kt:95)
    at au.com.dius.pact.provider.ProviderVerifier.verifyResponseFromProvider(ProviderVerifier.groovy:214)
    at au.com.dius.pact.provider.ProviderVerifier.verifyInteraction(ProviderVerifier.groovy:185)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1080)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1087)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
    at groovy.lang.Closure.call(Closure.java:414)
    at groovy.lang.Closure.call(Closure.java:430)
    at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3202)
    at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3172)
    at au.com.dius.pact.provider.ProviderVerifier.runVerificationForConsumer(ProviderVerifier.groovy:85)
    at au.com.dius.pact.provider.ProviderVerifier.runVerificationForConsumer(ProviderVerifier.groovy)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1080)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1087)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
    at groovy.lang.Closure.call(Closure.java:414)
    at groovy.lang.Closure.call(Closure.java:430)
      Request Failed - Received fatal alert: bad_certificate
Vlad-Olaru commented 6 years ago

I have just realised that I need mutual TLS in order for it to work. Is there any way to provide the keystore besides the truststore for this plugin?

uglyog commented 6 years ago

No one has done mutual TLS before, so I don't think the plugin will support it. When you refer to the keystore (as the trust store is a keystore), do you mean the store with which to verify the client certs?

Vlad-Olaru commented 6 years ago

No, actually it's the keystore where the client's certificate is stored.

Claudia-Licu commented 5 years ago

Hi @Vlad-Olaru , have you found any solutions for this?

Vlad-Olaru commented 5 years ago

Nothing