Cucumber – Grails – HTTPBuilder and SSL issues

My API test tool was complaining about some SSL issues.

The error was:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

This is due to having a self-signed cert on our development/integration environment. One solution would be to get a valid cert… or a less expensive solution is to do some workaround in the test.

I was using HTTPBuilder, which has some workflows on these SSL issues. It seems pretty hairy at first, but really it’s not so bad. The steps boil down to these:

  1. In Firefox, with a cleaned cache, go to https:// and your site.
  2. When prompted that you are going to an insecure website, click the add exception option.
  3. Follow the prompts to view the certificate, and export it as a PEM file to your local machine.
  4. If your local machine is Linux/OS X, you can run a command like this: keytool -importcert -alias "<choose a name for the alias of your cert>" -file <input the path to your cert file… i.e. mysite.com> -keystore truststore.jks -storepass 1234abc
  5. It will prompt whether we want to trust this cert; type yes and press Enter.
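Steps 1 to 5 trust whatever certificate the browser was shown, so it is worth checking the exported PEM against a fingerprint obtained out of band before it goes into truststore.jks. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes openssl and keytool are on the PATH and that the expected SHA-256 fingerprint comes from whoever runs the server.

```shell
#!/bin/sh
# Added example: pin the exported PEM to a known SHA-256 fingerprint before
# importing it into the truststore used by the tests.

# Print the SHA-256 fingerprint of a PEM certificate as upper-case hex, no colons.
# Prints nothing if the file is not a readable certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
    sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint supplied by a person (colons, spaces, lower case).
normalise_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# fingerprint_matches <pem> <expected-fp>
# Returns 0 only if the PEM parses and its fingerprint equals the expected one.
fingerprint_matches() {
  fm_actual=$(cert_fingerprint "$1")
  fm_expected=$(normalise_fp "$2")
  [ -n "$fm_actual" ] && [ "$fm_actual" = "$fm_expected" ]
}

# import_pinned_cert <pem> <expected-fp> <alias> <keystore> <storepass>
# -noprompt replaces the interactive "yes" of step 5: the trust decision has
# already been made by the fingerprint comparison.
import_pinned_cert() {
  if ! fingerprint_matches "$1" "$2"; then
    echo "refusing to import $1: fingerprint mismatch or unreadable cert" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$3" -file "$1" \
          -keystore "$4" -storepass "$5"
}

# Run directly: ./import_pinned.sh cert.pem <fingerprint> <alias> truststore.jks <storepass>
if [ "$#" -eq 5 ]; then
  import_pinned_cert "$@"
fi
```

A mismatch stops before keytool is invoked, so a certificate that is not the expected one never reaches the truststore.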

If using Grails, you’ll want this jks file in your application.  Since this is a configuration of the test tool, I think putting it in the conf folder is fine.  So do a sudo mv <your jks file name> <your project path/grails-app/conf>

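Inside the Grails test, it reads:

    import groovyx.net.http.RESTClient
    import java.security.KeyStore
    import org.apache.http.conn.scheme.Scheme
    import org.apache.http.conn.ssl.SSLSocketFactory

    Given(~'^a generic GET request is made to the country end point$') { ->
        def http = new RESTClient('https://myexampletestsite.com/country?format=json')

        // Load the truststore holding the exported certificate from the classpath (grails-app/conf)
        def keyStore = KeyStore.getInstance(KeyStore.defaultType)
        getClass().getResource("/truststore.jks").withInputStream {
            keyStore.load(it, "1234abc".toCharArray())
        }
        // Verify HTTPS connections made by this client against that truststore
        http.client.connectionManager.schemeRegistry.register(
            new Scheme("https", new SSLSocketFactory(keyStore), 443))

        // Basic auth: the scheme name and the encoded credentials are separated by a space
        http.headers['Authorization'] = 'Basic ' + "user:pass".bytes.encodeBase64()
        html = http.get(path: '')
    }

    Then(~'^a list of countries is returned$') { ->
        assert html.status == 200
        // Add other assertions as needed
    }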

This allows the test to hit the site with the invalid cert: the certificate we exported in Firefox is used as the exception when accessing this domain. In this case, I also had basic authentication being used for the public endpoint being tested, and did a basic GET with HTTPBuilder’s RESTClient.

 
