Getting x509 error while using hoverfly in capture mode - java

I have a Spring Boot application for which I am writing integration tests.
I'm trying to use hoverfly-java to capture the traffic for an external system I am using. My test runs fine when I don't add Hoverfly, but on adding this line:
@ClassRule
public static HoverflyRule hoverflyRule = HoverflyRule.inCaptureOrSimulationMode("simulation.json");
My external system returns a 500 and I see the following error:
POST abc/login: x509: certificate signed by unknown authority
How do I update my RestTemplate to fix this?

Actually, rather than me asking questions, I can guess that if it is the case of being self-signed, you can try using the -tls-verification command in Hoverfly as documented here:
http://hoverfly.readthedocs.io/en/v0.13.0/pages/reference/hoverfly/hoverflycommands.html?highlight=tls
However, I have noticed that this is not configurable through Hoverfly Java. Try using the Hoverfly binary directly to prove that it is indeed the fix, and if that is the case raise a GitHub issue and we will make it configurable in the Java binding.

Disabling TLS verification solved the issue for me.
Maybe you didn't try the correct command.
Try hoverfly -tls-verification=false
You should see "TLS certificate verification has been disabled" in the logs.
Hope this helps.

Related

Java Spring WS and SSLHandshakeException

I'm trying to call an Italian webservice, but I'm getting an SSLHandshakeException exception. I know this is a security trust problem and I should have a certificate to allow me to communicate using SSL. I would like to know if someone can help me to understand what should be the next steps and how can I generate a valid certificate to communicate with the webservice. Security is not my beach :)
The Italian webservice has a zip folder with a tool for developers and they have there two certificates, but I don't know what I should do with them. You can see here: https://sistemats1.sanita.finanze.it/portale/spese-sanitarie/documenti-e-specifiche-tecniche-strumenti-per-lo-sviluppo
Link to the Zip file: (https://sistemats1.sanita.finanze.it/portale/documents/20182/34450/kit730P_ver_20210301.zip/027086e7-385a-6071-ca86-f52077923a85)
You can see my experimental code here: https://github.com/nbentoneves/ws-spring-sts/blob/main/src/main/java/com/github/STSClient.java, feel free to clone and try it.
Note: In the development kit they have a soap project and I was able to call the webservice without needing anything.
STS Test Environment: https://invioSS730pTest.sanita.finanze.it/DocumentoSpesa730pWeb/DocumentoSpesa730pPort
Thanks,
Have a nice code time :)
You need to create a Trust Manager which does not validate certificate chains like the default ones.
Check this:
(How to solve javax.net.ssl.SSLHandshakeException Error?)
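An alternative to the approach in the answer above that keeps certificate chain validation enabled, as an added example that is not part of the original thread: it builds an `SSLContext` that trusts only the certificate files supplied on the command line. The class name and the file arguments are illustrative assumptions; the files stand in for the certificates shipped in the developer kit.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): builds an SSLContext that trusts
// only the certificate files given on the command line.
// Usage: java PinnedTrustContext ca1.cer ca2.cer
public class PinnedTrustContext {

    static SSLContext fromCertificates(String... certPaths) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty in-memory store

        for (String path : certPaths) {
            try (InputStream in = new FileInputStream(path)) {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                // The file path doubles as the alias; any unique string works.
                trust.setCertificateEntry(path, cert);
                System.out.println("Trusting " + cert.getSubjectX500Principal().getName()
                        + " (valid until " + cert.getNotAfter() + ")");
            }
        }
        if (trust.size() == 0) {
            throw new IllegalArgumentException("no certificates supplied");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = fromCertificates(args);
        // ctx.getSocketFactory() is what the HTTP client is configured with.
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```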

How to make RestAssured Java certificate work?

I am using RestAssured Java library to test REST API, and need to use certificate when invoking the API. I've come across the following stackoverflow link How to make HTTPS GET call with certificate in Rest-Assured java, but none of the solutions seems to work.
In the RestAssured official Javadoc, I find this page: https://www.javadoc.io/doc/io.rest-assured/rest-assured/3.2.0
In the sub link that points to io.restassured.config, Class SSLConfig, there's this statement:
"Now you want to use this truststore in your client:"
RestAssured.config = RestAssured.newConfig().sslConfig(new SSLConfig("/truststore_javanet.jks", "test1234");
"or"
given().config(newConfig().sslConfig(new SSLConfig("/truststore_javanet.jks", "test1234"))
Is this kidding? Because if you look at the SSLConfig constructor
SSLConfig()
It does not accept path and password string as parameter at all. And that's what my IDE says too.
Has anyone gotten their code working at all?
Also the usual logging functionality 'RestAssured log.all()' does not seem to log any certificate related info when sending http requests.
Even if I made up some code like:
RestAssured.config = newConfig().sslConfig(new SSLConfig().trustStore("src/test/resources/certs/trust.jks", "password"));
It does not throw error if I give a non-existing file path value for the parameter.
So I am stuck. With no sample code to follow, or RestAssured printing any helpful info for me to debug certificate related issue.

Getting SSL error when trying to hit a REST webservice (GET call)?

My team is facing an SSLException when we try to hit a REST based webservice. We are adding all the headers required to call the webservice.
Right now we have got a temporary solution to the problem. We have added the security file from Java 8 folder to the Java 7 folder.
There is one more socket based solution which our team tried, but I don't know it on the larger context. But it has been refused to implement too by higher authorities.
We have found that the webservice is based on java 5. And in java 7 some of the security certificates were not available due to which we were getting an error. The first solution works for the testing phase but it's not good for production purposes.
The actual error we are facing is:
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
During our research we found this question too and tried to follow up every solution given for this question.
So is there anyone who has faced the similar issue before and provide us with a solution to apply, so that we can hit the webservice and add those certificates dynamically at runtime.
Please post the SSL debug logs?
I had this problem once and the reason was that the remote REST service was only supporting TLSv1.2 and we were on TLSv1.1
We called the rest service by mentioning TLSv1.1 protocol in System.setProperty() method.
The problem was with the Java version. The security files which were needed by the rest service to hit were not present in Java 1.7.51 (our current Java version). So instead of changing the security files we upgraded our Java version from 1.7.51 to 1.7.80 (this version of Java contains those security files). Hence no compatibility was broken and the issue was fixed successfully without a workaround.
We got this solution's idea from this StackOverflow Question.

Weblogic hostname verification anomalies

I'm developing a webapp with a webservice for a WL 12.1.2 server. The information it sends/receives does not contain any secret information, so my advisers told me to disable SSL hostname verification.
After some research, I found that turning the option off in the Admin Console doesn't help.
Then I found that, I have to write '-Dweblogic.security.SSL.ignoreHostnameVerification=true' in server start. After this, when I restart the server it still doesn't work, but when I log in to the Admin Console, it passes validation. But after a while it resets, and goes back to not skipping validation, thus failing the program.
Do you have any idea how to keep this option turned off, how to make it stable, or any other way to make it work?
I tried adding the certificate information to the Demo Trusts, Certs, but the weblogic hostname verifier somehow doesn't understand that 123.asd.com should be accepted by a *.asd.com cert. If there is a way, I'd like to skip the whole thing instead of overwriting the ssl verifier.
Thanks in advance!
Botond
After a while I have found the solution of the problem I was encountering.
The problem was that I thought that changing stuff in the admin console would be saved and loaded every time I started the server, but the truth is, it is not.
I had to add the following line to the startWebLogic.cmd script: "set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.ignoreHostnameVerification=true" and this worked. Now the server starts as it should, and it always skips the verification as I wanted. There are no anomalies!
This screenshot speaks all:
-Dweblogic.security.SSL.ignoreHostnameVerification=true

"javax.xml.ws.WebServiceException: is not a valid service." proxy issue?

As a premise, I am not very experienced yet, but I have tried to read and search everything I possibly could, related to this topic, and still no luck.
I was given a simple client to call a webservice but once it was fully setup (which included the use of a certificate and a couple more properties to set) I got the error mentioned in the title:
javax.xml.ws.WebServiceException: {http://http://cert.controller.portaapplicativa.ictechnology.it//}MyService is not a valid service. Valid services are:
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:187)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:159)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
at javax.xml.ws.Service.<init>(Service.java:56)
at package.client.wsimport.MyService..<init>(MyService.java:46)
at package.client.Client.doRicercaDEN(Client.java:55)
at package.client.Client.main(Client.java:36)
I tried generating the client again with JAX-WS:
java -classpath C:\Programmi\Java\jdk1.6.0_38\lib\tools.jar com.sun.tools.internal.ws.WsImport -verbose C:\WsdlFile.wsdl -p package.client.wsimport -s C:\tmp\ws\
And I get the same issue. I am using a local copy of the wsdl because wsimport doesn't seem to like the certificate I'm trying to set in the properties (I'm most likely doing something wrong, but I opted for the simple workaround, given I have more pressing issues).
Trying to use SoapUI to test the service, everything works fine, though I need to set the preferences for the proxy to "None".
So I tried to make sure the connection doesn't use any proxy in my client as well:
(...)
systemSettings.remove("http.proxyHost");
systemSettings.remove("http.proxyPort");
systemSettings.remove("https.proxyHost");
systemSettings.remove("https.proxyPort");
System.setProperty("http.nonProxyHosts","*");
System.setProperty("https.nonProxyHosts","*");
(BTW, before "*", which as I understand it should work as a wildcard for "every domain", I have tried specifying the specific domains as well)
Anyway, the result is always the same.
Is there something I am doing wrong, something left to try?
I doubt this is a proxy issue. If you can share the code you are using to create the Service object it might help.
As a kick start try reading the below thread Is not a valid service exception in JAX-WS
What I think is that the QName you have provided when creating the Service is not proper. To get the correct QName you might try to open the generated stub.
As it turns out, what I was missing was importing the certificate in my local truststore (or better, when I first tried doing so, I thought I was using the correct truststore, but I wasn't).
For anyone who may need it, here is an explanation of how to do that using keytool: http://javarevisited.blogspot.it/2012/03/add-list-certficates-java-keystore.html
Another option is to use specific GUI like Portecle.
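The check behind the resolution above (which trust store the JVM really uses, and whether a certificate is in it), as an added example that is not part of the original thread. The class name and the optional certificate-file argument are illustrative assumptions; the lookup order in `defaultTrustStore` follows the documented JSSE defaults.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name). Usage: java TrustStoreCheck [certificate.cer]
public class TrustStoreCheck {
    // JSSE default lookup: system property, then jssecacerts, then cacerts.
    static File defaultTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) return new File(configured);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(dir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(dir, "cacerts");
    }

    // The certificates the default trust manager will actually accept.
    static X509Certificate[] trustedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        File store = defaultTrustStore();
        System.out.println("Trust store: " + store.getAbsolutePath()
                + (store.isFile() ? "" : " (file does not exist)"));
        X509Certificate[] issuers = trustedIssuers();
        System.out.println("Trusted certificates: " + issuers.length);
        if (args.length == 1) {
            try (FileInputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                boolean present = Arrays.asList(issuers).contains(cert);
                System.out.println(cert.getSubjectX500Principal().getName()
                        + (present ? ": present in trust store" : ": NOT in trust store"));
            }
        }
    }
}
```

Run it with the same JVM and the same `-Djavax.net.ssl.trustStore` options as the failing client, otherwise it reports a different store than the one the client uses.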
