11 messages in com.canoo.lists.webtest[Webtest] Re: webtest cannot handle t...| From | Sent On | Attachments |
|---|---|---|
| John and Pip | 10 Dec 2006 18:05 | |
| Ralf Müller | 11 Dec 2006 00:19 | |
| John and Pip | 13 Dec 2006 00:43 | |
| Marc Guillemot | 13 Dec 2006 02:48 | |
| John and Pip | 19 Dec 2006 01:58 | |
| Marc Guillemot | 19 Dec 2006 05:17 | |
| Michael Habbert | 20 Dec 2006 01:30 | |
| Marc Guillemot | 20 Dec 2006 03:33 | |
| Michael Habbert | 20 Dec 2006 03:52 | |
| Marc Guillemot | 20 Dec 2006 04:50 | |
| Michael Habbert | 20 Dec 2006 05:53 |
| Subject: | [Webtest] Re: webtest cannot handle the lack of a secure certificate in our test environment |
|---|---|
| From: | Ralf Müller (floy...@gmail.com) |
| Date: | 12/11/2006 12:19:29 AM |
| List: | com.canoo.lists.webtest |
Hi,
as far as I understand it, you have to add the certificate of your webpage to your keystore of trusted certificates. This goes something like this:
use IE to save the certificate as DER encoded X.509 certificate use the java keytool to import it in a keystore:
keytool -import -v -trustcacerts -file <the exported certificate file> -keystore trust.keystore -alias <unique alias for the certificate>
tell webtest to use this keystore:
<property name="webtest.connectioninitializer" value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer" /> <property name="webtest.truststore.file" value="certs/<your keystore file>" /> <property name="webtest.truststore.passphrase" value="<password for the keystore" />
This works! But make sure that you get the path to your files etc. right, because the error messages you get when something is wrong will not really be helpfull :-(
Best Regards, Ralf
John and Pip wrote:
Hi All,
I am testing a secure website, and have not problem in the production system, hitting and logging into https://registration.airnewzealand.com/spr/login/login.jsp <https://registration.airnewzealand.com/spr/login/login.jsp>
However, in our test environment, if you access this page in IE you see a popup saying "Unable to verify the identity of registration.airnewzealand.com <http://registration.airnewzealand.com> as a trusted site." etc etc.
When I try to log in on this page in the test environment (by using a proxy) using the following code:
<?xml version="1.0"?> <!DOCTYPE project SYSTEM " WebTest.dtd"> <project name="OLH" basedir="." default="main"> <property name="webtest.home" location="..\.."/> <import file="${ webtest.home}/lib/taskdef.xml"/> <target name="main"> <setproxy proxyhost="10.16.32.33 <http://10.16.32.33>" proxyport="4005" /> <!-- set to FT3 direct proxy --> <webtest name="ISIS SFF NZ Search"> <config host="any" port="1234" protocol="http" basepath="" summary="true" saveresponse="true" resultpath="..\webtest-results" resultfile="results.xml" showhtmlparseroutput="false" autorefresh="true" haltonfailure="false" timeout="120"> <option name="RedirectEnabled" value="true" /> <header name="User-Agent" value="WebTest" /> </config> <steps> <groovy> def logFile = new File('./webtest.log') logFile.append("\nTest Start\n") logFile.append(step.context.webClient.toString()) logFile.append("\nTest End\n") </groovy> <invoke url="https://registration.airnewzealand.com/spr/login/login.jsp"/> <!-- This fails with a "connection timed out error. It also fails in this format: https://registration.airnewzealand.com/spr?login?login.jsp --> <verifyTitle text="Air New Zealand - My Account"/> <verifyText text="Login"/> <setInputField name="username" value="966594"/> <setInputField name="password" value="password01"/> <!-- Qual value --> <clickButton description="Click image button: " name="image"/> <verifyTitle text="Air New Zealand - My Airpoints Account"/> <verifyText text="My Airpoints Account"/> </steps> </webtest> </target> </project>
I get:
C:\WebTest\doc\ISIS>webtest -debug -f testFT3.xml > out.txt
BUILD FAILED C:\WebTest\doc\ISIS\testFT3.xml:8: Canoo Webtest: R_1438. Test failed. Exception raised: com.canoo.webtest.engine.StepExecutionException: Unexpected ex ception caught: javax.net.ssl.SSLHandshakeException: sun.security.validator.Vali datorException: PKIX path building failed: sun.security.provider.certpath.SunCer tPathBuilderException: unable to find valid certification path to requested targ et, Step: InvokePage at C:\WebTest\doc\ISIS\testFT3.xml:32: with (taskName="inv oke")com.canoo.webtest.engine.StepExecutionException: Unexpected exception caugh t: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptio n: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target, Step: Inv okePage at C:\WebTest\doc\ISIS\testFT3.xml:32: with (taskName="invoke") at com.canoo.webtest.steps.Step.handleUnexpectedException(Step.java:413)
[rest of the stack below if you are interested]
and the relevant bit of the webtest debug output is:
Build sequence for target(s) `main' is [main] Complete build sequence is [main, ]
main: [setproxy] Setting proxy to 10.16.32.33:4005 <http://10.16.32.33:4005> Setting project property: webtest.version -> Canoo Webtest: R_1438. Adding reference: ant.PropertyHelper Adding reference: ant.PropertyHelper [Fatal Error] :-1:-1: Premature end of file.
A developer here has passed on this code to work around a similar problem in httpunit:
private static void trustAll() { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate [] getAcceptedIssuers() { return null; }
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { }
public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } };
HostnameVerifier hostnameVerifier = new HostnameVerifier() { public boolean verify(String rserver, SSLSession sses) {
if (!rserver.equals(sses.getPeerHost())) { if (!warnedCertificates.contains(sses.getPeerHost())) { warnedCertificates.add(sses.getPeerHost()); log.warn("certificate <" + sses.getPeerHost() + "> does not match host <" + rserver + ">"); } }
return true; } };
Unfortunately I do not have access to him to work on htmlunit if in fact there is a similar issue there, and I am not a java developer so don't fancy my chances messing with the htmlunit internals.
Can anyone confirm whether this is a defect (limitation?) in htmlunit, and whether I should open an issue, and hopefully a solution so I can continue writing my webtests? Thanks.
regards, John
at com.canoo.webtest.steps.AbstractBrowserAction.handleUnexpectedExcepti on(AbstractBrowserAction.java:120) at com.canoo.webtest.steps.request.TargetHelper.protectedGoto (TargetHelp er.java:115) at com.canoo.webtest.steps.request.AbstractTargetAction.gotoTarget(Abstr actTargetAction.java:106) at com.canoo.webtest.steps.request.AbstractTargetAction.doExecute(Abstra ctTargetAction.java:78) at com.canoo.webtest.steps.Step.execute(Step.java:106) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform (Task.java:364) at com.canoo.webtest.ant.TestStepSequence.executeSteps(TestStepSequence. java:43) at com.canoo.webtest.ant.TestStepSequence.doExecute(TestStepSequence.jav a:31) at com.canoo.webtest.steps.Step.execute (Step.java:106) at org.apache.tools.ant.Task.perform(Task.java:364) at com.canoo.webtest.ant.WebtestTask.execute(WebtestTask.java:164) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java :275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExe cutor.java:40) at org.apache.tools.ant.Project.executeTargets(Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException (Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 476) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:847) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java :106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:4 95) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (SSLSocketImpl.j ava:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl. java:619) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.ja va:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65 ) at java.io.BufferedOutputStream.flush (BufferedOutputStream.java:123) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream (HttpConnection.java:827) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$Http ConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.ja va:1525) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodB ase.java:1975) at org.apache.commons.httpclient.HttpMethodBase.execute (HttpMethodBase.j ava:993) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Htt pMethodDirector.java:397) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMe thodDirector.java:170) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.jav a:396) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.jav a:346) at com.gargoylesoftware.htmlunit.HttpWebConnection.getResponse(HttpWebCo nnection.java:126) at com.gargoylesoftware.htmlunit.WebClient.loadWebResponseFromWebConnect ion(WebClient.java:1371) at com.gargoylesoftware.htmlunit.WebClient.loadWebResponse (WebClient.jav a:1329) at com.gargoylesoftware.htmlunit.WebClient.getPage(WebClient.java:322) at com.gargoylesoftware.htmlunit.WebClient.getPage(WebClient.java:389) at com.canoo.webtest.steps.request.TargetHelper.getResponse (TargetHelper .java:69) at com.canoo.webtest.steps.request.AbstractTargetAction.getResponse(Abst ractTargetAction.java:68) at com.canoo.webtest.steps.request.InvokePage.findTarget(InvokePage.java :134) at com.canoo.webtest.steps.request.AbstractTargetAction$1.call(AbstractT argetAction.java:108) at com.canoo.webtest.steps.request.TargetHelper.protectedGoto(TargetHelp er.java:88) ... 22 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:145) at sun.security.validator.Validator.validate (Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted ( SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:840) ... 49 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:236) at java.security.cert.CertPathBuilder.build (CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 54 more
at com.canoo.webtest.ant.WebtestTask.stopBuildIfNeeded(WebtestTask.java: 228) at com.canoo.webtest.ant.WebtestTask.execute(WebtestTask.java:175) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java :364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java :1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExe cutor.java:40) at org.apache.tools.ant.Project.executeTargets (Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)
Total time: 4 seconds
C:\WebTest\doc\ISIS>
Incidentally, the above has the test environment password which is different to the production one so you can't run it against the public page.