stackoom
  简体   繁体   中英

Rest Assured, Java - using TLS/SSL certificate in post request

 原文  2022-08-02 07:08:33       java/ ssl/ postman/ rest-assured

Question

I red probably all answers regarding using the TLS certificate in Rest Assured, unfortunately with all of them I get an error message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

But let's start from the beginning: I got from the service which I try to reach file.crt(certificate file is 2 way certificate - two way certificate ) and RSA private key (.key). Once I merged them to the one PKCS12 file with openssl:

openssl pkcs12 -export -out keystore.p12 -inkey MY_KEY.key -in MY_FILE.crt

and imported to the POSTMAN with configuration postman setting-1 , postman setting-2 . I get correct response.

Once I try to use it in the Java code:

RestAssured.config = RestAssured.config().sslConfig(new SSLConfig()
.keyStore("src/test/resources/testdata/sslCerts/keystore.p12", "PASSWORD"));

or

.given()
        .spec(new RequestSpecBuilder()
            .setAuth(RestAssured
                .certificate("src/test/resources/testdata/sslCerts/keystore.p12","PASSWORD",
                    CertificateAuthSettings
                        .certAuthSettings()
                        .keyStoreType("pkcs12")
                        )).build())

I get the error from above. When I try to use for example relaxed HTTPs/allow all host names or disable SSL verification I get response:

RestAssured.config = RestAssured.config().sslConfig(new SSLConfig()
        .allowAllHostnames()
        .relaxedHTTPSValidation());

I get the response from the server:

496 - Client TLS certificate missing - please provide a valid TLS client certificate to access this service

Do you have any info how can I use provided certificate as a server and client site validation certificate and get correct response from server?

1 answers

solution1
 0  2022-08-02 10:06:16

I think this could be caused by that you're configuring only a keystore, but not a truststore.

Key stores are typically used for keeping the keys or certs to provide to a third party. But for validating the provided certificates trust stores are used.

Try to do something like:

RestAssured.config = RestAssured.config().sslConfig(new SSLConfig()
.keyStore("src/test/resources/testdata/sslCerts/keystore.p12", "PASSWORD")
.trustStore("src/test/resources/testdata/sslCerts/keystore.p12", "PASSWORD"));

Your trust store has to contain the certificate that is returned by your service or the certificate chain that was used to sign service certificate.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to convert Json to Java for making POST request using rest assured Rest-Assured Java Post Request Java/REST-assured: how to use SSL certificate in code Parameterize Post Request payload using Rest Assured HTTP POST Request using Rest Assured (Example) SSL connect certificate trouble with Rest Assured Internal Server Error when making POST request using Rest Assured https request with rest assured in java How to send Request as Json Array in body for Post using REST Assured How to access SSL certificate secured Rest API with rest assured
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM