Alessandro Bramati
03/02/2023, 9:52 AM
wireMockConfiguration = options()
    .disableRequestJournal()
    .usingFilesUnderDirectory(rootFolder)
    .port(Integer.parseInt(getProperty("port")))
    .adminAuthenticator(getAdminAuthenticator())
    .jettyAcceptors(Integer.parseInt(getPropertyOrDefault("acceptor.threads", DEFAULT_ACCEPTOR_THREADS)))
    .keystorePath(getProperty("keystore.path"))
    .keystorePassword(getProperty("keystore.password"))
    .trustStorePath(getProperty("truststore.path"))
    .trustStorePassword(getProperty("truststore.password"))
    .extensions(
        new AdminRequestLoggingFilter(),
        new ServiceRequestLoggingFilter(),
        new ServiceResponseLoggingFilter(),
        new ResponseTemplateTransformer(true));
Here is the error:
SSL failure trying to make a proxied request from WireMock to ...
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My keystore contains my private cert and the truststore contains the server certificate (everything ok with curl).
Is there something missing?
Thanks
Alessandro
Rob Elliot
03/02/2023, 10:10 AM
Alessandro Bramati
03/02/2023, 10:49 AM
<https://github.com/wiremock/wiremock/blob/2.35.0/src/main/java/com/github/tomakehurst/wiremock/http/HttpClientFactory.java>
Rob Elliot
03/02/2023, 2:40 PM
ProxyResponseRenderer
🙁
Alessandro Bramati
03/02/2023, 2:45 PM
Rob Elliot
03/02/2023, 2:46 PM
Alessandro Bramati
03/02/2023, 3:22 PM
import javax.net.ssl.*;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;

public class MutualAuthHttpClient {
    private static final String KEYSTORE_TYPE = "JKS";
    private static final String KEYSTORE_PASSWORD = "password";
    private static final String TRUSTSTORE_TYPE = "JKS";
    private static final String TRUSTSTORE_PASSWORD = "password";
    private static final String KEY_MANAGER_ALGORITHM = "SunX509";
    private static final String SSL_CONTEXT_PROTOCOL = "TLS";

    public static void main(String[] args) throws Exception {
        String endpointUrl = "endpoint";
        String keystoreFilePath = "path/to/keystore";
        String truststoreFilePath = "path/to/keystore";

        // Client identity: the private key and certificate presented to the server
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        keyStore.load(new FileInputStream(keystoreFilePath), KEYSTORE_PASSWORD.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_ALGORITHM);
        keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());

        // Trust anchors used to validate the server certificate chain
        KeyStore trustStore = KeyStore.getInstance(TRUSTSTORE_TYPE);
        trustStore.load(new FileInputStream(truststoreFilePath), TRUSTSTORE_PASSWORD.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KEY_MANAGER_ALGORITHM);
        trustManagerFactory.init(trustStore);

        // One SSLContext carrying both the key managers and the trust managers
        SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        // Hostname verification is disabled here: every hostname is accepted
        HttpsURLConnection.setDefaultHostnameVerifier((String hostname, SSLSession session) -> true);

        URL url = new URL(endpointUrl);
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/json");
        connection.setDoOutput(true);

        // The request body is left empty
        DataOutputStream outputStream = new DataOutputStream(connection.getOutputStream());
        outputStream.flush();
        outputStream.close();

        // Read the whole response and print it
        BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();
        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        System.out.println(response.toString());
    }
}
Rob Elliot
03/02/2023, 3:57 PM
enableBrowserProxying(true)
when you configured WireMock, so presumably instead you are configuring a specific stub to proxy to the endpoint, and calling WireMock directly)
Alessandro Bramati
03/02/2023, 4:29 PM
Rob Elliot
03/02/2023, 4:30 PM
Alessandro Bramati
03/03/2023, 7:17 AM
Rob Elliot
03/03/2023, 8:39 AM
Alessandro Bramati
03/03/2023, 9:21 AM
wireMockConfiguration = options()
    .disableRequestJournal()
    .usingFilesUnderDirectory(rootFolder)
    .port(Integer.parseInt(getProperty("port")))
    .adminAuthenticator(getAdminAuthenticator())
    .jettyAcceptors(Integer.parseInt(getPropertyOrDefault("acceptor.threads", DEFAULT_ACCEPTOR_THREADS)))
    .keystorePath(getProperty("keystore.path"))
    .keystorePassword(getProperty("keystore.password"))
    .trustStorePath(getProperty("keystore.path"))
    .trustStorePassword(getProperty("keystore.password"))
    //.notifier(new ConsoleNotifier(true))
    .extensions(
        new AdminRequestLoggingFilter(),
        new ServiceRequestLoggingFilter(),
        new ServiceResponseLoggingFilter(),
        new ResponseTemplateTransformer(true));
I forced the truststore reading the keystore and I trusted the root CA in my cacerts. If I don't set the truststore (even wrong) it doesn't work throwing this error:
SSL failure trying to make a proxied request from WireMock to *endpoint*
Received fatal alert: handshake_failure
I found a similar problem here: https://groups.google.com/g/wiremock-user/c/SugVgCVypss
Rob Elliot
03/15/2023, 9:47 AM
Alessandro Bramati
03/16/2023, 9:28 AM