2 messages in com.canoo.lists.webtestRe: [Webtest] Testing SSL site with n...| From | Sent On | Attachments |
|---|---|---|
| Dwayne Miller | 17 Aug 2004 15:55 | |
| Paul King | 17 Aug 2004 18:53 |
| Subject: | Re: [Webtest] Testing SSL site with non-trusted cert |
|---|---|
| From: | Paul King (pau...@asert.com.au) |
| Date: | 08/17/2004 06:53:34 PM |
| List: | com.canoo.lists.webtest |
Dwayne Miller wrote:
Can anyone point me to docs that show how to setup WebTest for a server running SSL. Also, the client cert is a hand-rolled cert, not a trusted one. While I'd like to run the webserver in SSL mode, I dont' really care if WebTest is somehow told to ignore problems with the cert if that is possible.
Not sure where this is in the docs, but here is what we do.
We have the following in a separate XML file (SSLprops.xml):
<property name="webtest.truststore.file" value="${webtest.home}/certs/client_testcacerts"/> <property name="webtest.keystore.file" value="${webtest.home}/certs/client_testcacerts"/> <property name="webtest.keystore.alias" value="MyAlias"/> <property name="webtest.connectioninitializer" value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer"/>
Of course, you will have to add the certificate (and possibly other certificates in your trust chain) into the certs file and you may have different certs files for different environments. The theory is that you will have stored your certificate in the cert using the alias provided. In practice, I don't think this is checked. We certainly have multiple certs in our keystore/certs file, so the alias doesn't matter.
Then setup up an SSL module, i.e. declare an entity reference to the file:
<!ENTITY ssl SYSTEM "file:../SSLprops.xml">
Then just use &ssl; within your build file. We do this inside our init target.
We mainly use WebLogic Workshop as our IDE and invoke our test scripts from within it. To avoid classpath/classloader/ant version problems we call our webtest ant build files in a nested fashion. We feed some additional parameters related to security/SSL to the nested ant invocation. This will allow your webtest build file to do other steps which trust the SSL certificates on your server. I am not sure any of these affect webtest but it might (in our case we also use sqlunit - it supports the webtest reporting format - which grabs a datasource via SSL). The different options instruct Apache HttpClient/Sun JSSE and WebLogic client classes to trust the certificate.
<target name="myTests" description="Invoke ant externally to avoid classpath/classloader problems"> <java fork="true" classname="org.apache.tools.ant.Main"> <sysproperty key="bea.home" value="C:/bea"/> <sysproperty key="weblogic.security.TrustKeyStore" value="CustomTrust"/> <sysproperty key="weblogic.security.CustomTrustKeyStoreFileName" value="${webtest.certs}/${certname}"/> <sysproperty key="javax.net.ssl.trustStore" value="${webtest.certs}/${certname}" /> <arg line="-f mySubdir/myTests.xml"/> <classpath> <pathelement path="${webtest.lib}"/> <fileset dir="${webtest.lib}" includes="*.jar"/> <pathelement path="${sqlunit.lib}/sqlunit.dtd"/> <fileset dir="${sqlunit.lib}" includes="*.jar"/> </classpath> </java> </target>
Cheers, Paul.