[Webtest] Canoo Webtest and SSL Client Authentication

Carsten Seibert webtest@lists.canoo.com
Fri, 15 Nov 2002 10:19:39 +0100


This is a multi-part message in MIME format.

------=_NextPart_000_000A_01C28C90.85D986C0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit

Hi Siegfried,

If you use a non-JSSE keystore, you must have keystore-specific code that
allows you to access it and extract the X509 client certificate. I was
having the same problem wih Entrust/IAIK and had to write a custom
connection initializer that uses the Entrust-specific code to obtain the
certificate. It also sets up the SSL context by itself since we are using
IAIK instead of JSSE. This caused some problems with HttpUnit since JSSE is
hardwired if the protocol is HTTPS. I had to make a special non-JSSE version
of HttpUnit that also handles the response headers in a particular way
(different from JSSE).

But after lots of digging into the depths of SSL and learning something
about certifcates I got it up and running.

Ciao,
Carsten

Carsten Seibert
seiberTEC GmbH Switzerland
mailto:seibert@seibertec.ch  / phone: +41 79 636 4317


> -----Original Message-----
> From: webtest-admin@lists.canoo.com 
> [mailto:webtest-admin@lists.canoo.com]On Behalf Of Goeschl Siegfried
> Sent: Montag, 11. November 2002 13:58
> To: webtest@lists.canoo.com
> Cc: EPugh@upstate.com
> Subject: [Webtest] Canoo Webtest and SSL Client Authentication
> 
> 
> Hi folks,
> 
> I'm currently integrating Canoo Webtest into MAVEN 
> (http://jakarta.apache.org/turbine/maven/) and have a 
> JSSE/Canoo question:
> 
> Is it possible to use SSL with client authentication with 
> Canoo Webtest ?! As far as I know it is impossible to import 
> the client.pfx into a keystore but I think it should be 
> possible to use the PFX as keystore. But I get an invalid key 
> store format ... any ideas.
> 
> If use only the public key of the client in the client 
> keystore I get "HTTP 403 - Access forbidden"
> 
> 
> Environment
> ==============================================================
> ==================================
> 
> +) I set up the trust.keystore with the server certificate
> +) I'm using the latest Canoo Webtest (Build 256)
> +) I'm using the included JSSE jars 
> +) I'm running on Windows 2000 Server
> 
> 
> Stacktrace
> ==============================================================
> ==================================
> 
> webtest:test:
>     [echo] Starting Canoo Webtest ...
>     [echo] Processing testSampleGF.xml
>     [java] Buildfile: 
> C:\DEVELOP\MAKLERPLATTFORM\JAVADEV\SampleGF\webtest\testSampleGF.xml
>     [java]
>     [java] testQueryVertrag:
>     [java]  [testSpec] Using Custom ConnectionInitializer: 
> com.canoo.webtest.security.SunJsseClientA
> uthConnectionInitializer
>     [java]  [testSpec] Ext property: 
> webtest.truststore.file=webtest/certs/trust.keystore
>     [java]  [testSpec] Ext property: 
> webtest.truststore.passphrase=together
>     [java]  [testSpec] Ext property: 
> webtest.keystore.file=webtest/certs/client.pfx
>     [java]  [testSpec] Ext property: webtest.keystore.passphrase=test
>     [java]  [testSpec] Ext property: 
> webtest.keystore.alias=benutzermakler
>     [java]  [testSpec] java.io.IOException: Invalid keystore format
>     [java]  [testSpec]  at 
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:609)
>     [java]  [testSpec]  at 
> java.security.KeyStore.load(KeyStore.java:613)
>     [java]  [testSpec]  at 
> com.canoo.webtest.security.SunJsseClientAuthConnectionInitiali
> zer.getKeyM
> anagers(SunJsseClientAuthConnectionInitializer.java:24)
>     [java]  [testSpec]  at 
> com.canoo.webtest.security.SunJsseBaseConnectionInitializer.in
> stallTrustA
> ndKeyManager(SunJsseBaseConnectionInitializer.java:82)
>     [java]  [testSpec]  at 
> com.canoo.webtest.security.SunJsseBaseConnectionInitializer.in
> itializeCon
> nection(SunJsseBaseConnectionInitializer.java:38)
>     [java]  [testSpec]  at 
> com.canoo.webtest.steps.Target.invokeCustomInitializerIfNeeded
> (Target.jav
> a:285)
> 
> 
> 
> Thanks in advance
> 
> Siegfried Goeschl
> _______________________________________________
> WebTest mailing list
> WebTest@lists.canoo.com
> http://lists.canoo.com/mailman/listinfo/webtest

------=_NextPart_000_000A_01C28C90.85D986C0
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="winmail.dat"

eJ8+Ii4JAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCwAPAAoAEwAAAAUAFQEB
A5AGAGQNAAAoAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA
AAAAHgBwAAEAAAA2AAAAW1dlYnRlc3RdIENhbm9vIFdlYnRlc3QgYW5kIFNTTCBDbGllbnQgQXV0
aGVudGljYXRpb24AAAACAXEAAQAAABYAAAABwoyIH5vaGiAxH4RLQK408nqBblw1AAACAR0MAQAA
ABUAAABTTVRQOlNFSUJFUlRAQUNNLk9SRwAAAAALAAEOAAAAAEAABg4A2iYIiIzCAQIBCg4BAAAA
GAAAAAAAAACIRHwWvKv9QKmoRDD9adaCwoAAAAMAFA4BAAAACwAfDgEAAAACAQkQAQAAAJ8IAACb
CAAAnBIAAExaRnVVMYIlAwAKAHJjcGcxMjXjAtEDYXRleAVBAQMB9/8KgAKkA+QHEwKAD/MAUARW
NwhVB7IRJTIC4wIAY2jhCsBzZXQyBgAGwxEl9jMERhO3MBIsETMI7wn3tjsYHw4wNREiDGBjAFAz
CwkBZDM2FlALpiBINmkGAAiQZwNQCJBkLIcKogqECoBJZiB5CGCEIHUUECBhIG4CIAAtSlNTRSBr
ZUh5c3QFsGUsHqNtNx7wBUAT4HYfEB/mLXNucAWQBpAN4CAFoAEAIN50E+AFQAdAF7B3BCAesrMg
IB8gY2MHkAQgaSMB6G5kIA7BcgDQBUAi0NUfEFgOQDkicGwIkAIwGyJwBJB0IjIi8GUuIHBJIHdh
BCAhEQuAZ8klU3NhB4AgcANgAmCEZW0nQGloIEUCMIJyINEvSUFJSySTdxPgJMAj0XcFEA6wHyFj
5yDRA3AicW5uBZAmkAIgzyRgAwAmkAdAaXoSgSLT/x7xBCAlYilVIe4j4CiwAZDvC4AlUyZsIwJz
I+AUEQQgbHVwJVMfoEwrsg6zYrZ5JGEUEGwekACQbiQg/ydAHxEYIB7hJ8Ip0wuAIBA6ZSpxbx6Q
H5InEFRo+wQAInBhHvEkwDFwKGgEIM8D8CLQHOACQHBVLIEztfcfkzZxE+FkA/AYISRgHpAfJWIo
kSAgF5E5ckhUVPxQUycSKmUAwB/gHyEh8/8HQB9IITAUACwyNcE4RyLV/zFxE+AksCjQLbQYICHw
AiD/HwElcCpwPhEsYR8hCrEmkJ8rUAtgBcAnUDMwKGQGkJ5mBJAmIgNSNeMpLh3K/EJ1IwEBgBKB
F7AxwTXB+UMAZ2cnwguAI9ElYgEA/QUwaEXjMmIkoijQCsADAP8n0TcSItAnwgGgCGAmRibS+wQg
JzBnOuAkYjHxJKIpgFcr4CfBREtDBzBvHbVDPxPxDrALkExKTbQGUWliDyZxHcQUEE9yVEVDIPpH
BtBIBgA38SzxC2AksC8dxADAAxAgIDpQJHRAi1KVBZAuE9AgIC8ogAJoAiBlOiArNDEUIDcl0DYc
ICA0M4wxNx3KHcQ+IC1Wsi5PBRBGYT1BTSQxYWf3IdBWslY2RgNhVGA0IC+w1weQLnAqcG0LgEAm
ACAQ5nNToABwb29ToCuRVjZOW1IlWT9aSl1PA6BClmUT4DORTx6QR28HkH8T0AMgHSdWNgZgAjBU
YE0nAiFX0CBgMTEnEE5vLyEwBtASgQHQMBRAMTPoOjU4VjZUUnBZJloOCVY2Q2NUYEVQdWc8aEAx
8CAQJuJkqVN1TGJqLAFUYFtXXCRduxIgWoIgZ8UkkzJiQyYE/kFFICVwAjAmwiwxVjZrDmMc8QIQ
bGtzHbVraEnuJyuhCHBDUmwzMTLBCcAParEn0WhcRrNNQVZFEk5bByhoOFE6Ly/GajyQQhFhLmEK
sBPQoycABbBnL3QIcGILgIxlLwDAITBuLykqFa8hMR8wVjYfki9oVHEKUPsgECwxOm0fJFNA0AQQ
T3D/KNAjwh7yMmI38yX1NrBqSmc35GTXaGs/IRDABCBm9wrBJ2EnMGsfUAfgJHE2cX8HcHhKfoIA
IFsHMBMmAy74cGZ4RqQfMB/mMxBFIesnMEkyayRic1QgQmAkwI9PgFsHeE4lYlBGWH1yfx/mJxBF
EkqxFCAkkSxhdr8swSTAH+FbB4HkAhByAMD9BUAuiYAkkTMxAQAnYERF/215HpAe8gIgbsE6g2cw
JgD/ImCH8jXBgFhBoo1JVjaBt82G5CI7glUgMDNWoBDAlyQUiRFzoGQBAG4iaw/vVkUpUCewA2Bu
B4ACMFY2/j2Uz5Xflu+XmJRPma+YLn1WNit0UCcwFBEx5ilzLv+BtzfzKAMEkD4BJlqbym4h3zSU
JWILYGjjaFwoRRADEPMkwA4wNimf7yfGM9EKQP8BACTAH5NyQEGBo31LtYvB+2igC4BkI1JiARZQ
BmE+AeeSH1/mAZBjayUCn9eaP3+sr62/mp+rj7Dvmy9ZJjr3s1NWNrRiWwWQVCBoMKqB3yaBb4+J
gbP/aDBQA2AkIh8nw1xRBhB+kCjQR0Yu/HhtGAC22nJAh5BoMKLTHyJAKNBUYGTXdtBcREUxcQBM
T1C8IHDgS0wgRVJQTEE7kEZP1FJNvCBKcPBBvEG8IP+45rwgXBW8ILivub/Ar2gwxVxCUQpQcnlW
JnElEH5ns+y6dFuAv6MiAWgwVd00o0MrZAhQK+ZJLIi7aHda0VplXBUuFBBuUSRweVIuZyBuSgQQ
ZWm0Qb9WNmoxxs8s4sQPxRxFDtH3KJEiAAAgebtoyVYpc4Y01bsiPVwVLyZic3NgnVv/zU/OX89v
0H+GUgqwBBBUEPslEBQQPSAghwElcM0/1N//1e/W+YYH0c/S0ICY2Y/an//bqdzf2Fq/Ut/P4N/b
v+J/13KwJgAnYD1PgG5FICzxXzyBKNDZf8UNunIuLDAu/ElP5nAkIAUwdqInIIeI34i66i/FHB8g
f7hzS8DJyKcokSewBIEuSrqBSx/wj6qAhlIJ8EZhZUxvKnDWKPLrunI6HDA5o2fvX//wb+wEydfz
Jxew9DH0rWJQ//W/9s9/uMi/yc/K1cvPLLL7tsYs8S6HAfMhvbBWRQ2we1fRFAAo/78Azyzi9SQy
vjT7T/xf/W/+f/+IQtjB3wUvBjMbkYhHIyFUKYLLNz8ksALSA5QEBgvfBfw4Mv8G/wgPCR8KLws/
EP8NWiyWPxexDscsBBAPGA/1MzM4PxKfE68UvxXKKwBmAC5U531QhwENYXZvhgDGVMdp2YtgTmVf
sF+4KCIlunHzAxcGwDg1o2cmn2K2P+H7bOBBo2SHkDPhqY9fVl62fbbGXyw/LU8uGrbGZ8FU/2jy
UiI0sloSLy1j31ZFcdX/Wh1z4aLwUiB0MFoSV0CRcBYvvxZVg302sAAeAEIQAQAAAEEAAAA8NUMw
RDFEOUYzMjY5QjM0OUFGNjg5RTFEQkRDRTIwRkYyM0RCN0JAdDAwMXM2LnQwMDFkLnRvZ3RlYW0u
YXQ+AAAAAAMACVkBAAAACwAAgAggBgAAAAAAwAAAAAAAAEYAAAAAA4UAAAAAAAADAAKACCAGAAAA
AADAAAAAAAAARgAAAAAQhQAAAAAAAAMAB4AIIAYAAAAAAMAAAAAAAABGAAAAAFKFAAAnagEAHgAJ
gAggBgAAAAAAwAAAAAAAAEYAAAAAVIUAAAEAAAAEAAAAOS4wAB4ACoAIIAYAAAAAAMAAAAAAAABG
AAAAADaFAAABAAAAAQAAAAAAAAAeAAuACCAGAAAAAADAAAAAAAAARgAAAAA3hQAAAQAAAAEAAAAA
AAAAHgAMgAggBgAAAAAAwAAAAAAAAEYAAAAAOIUAAAEAAAABAAAAAAAAAAsAEYAIIAYAAAAAAMAA
AAAAAABGAAAAAAaFAAAAAAAAAwASgAggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALABuACCAG
AAAAAADAAAAAAAAARgAAAAAOhQAAAAAAAAMAHIAIIAYAAAAAAMAAAAAAAABGAAAAABGFAAAAAAAA
AwAegAggBgAAAAAAwAAAAAAAAEYAAAAAGIUAAAAAAAACAfgPAQAAABAAAACIRHwWvKv9QKmoRDD9
adaCAgH6DwEAAAAQAAAAiER8Fryr/UCpqEQw/WnWggIB+w8BAAAAkAAAAAAAAAA4obsQBeUQGqG7
CAArKlbCAABtc3BzdC5kbGwAAAAAAE5JVEH5v7gBAKoAN9luAAAAQzpcRG9jdW1lbnRzIGFuZCBT
ZXR0aW5nc1xjc1xMb2NhbCBTZXR0aW5nc1xBcHBsaWNhdGlvbiBEYXRhXE1pY3Jvc29mdFxPdXRs
b29rXG1haWxib3gucHN0AAMA/g8FAAAAAwANNP03AAACAX8AAQAAADEAAAAwMDAwMDAwMDg4NDQ3
QzE2QkNBQkZENDBBOUE4NDQzMEZENjlENjgyODREMjQ1MDAAAAAAAwAGEAsQ7A0DAAcQBQwAAAMA
EBAAAAAAAwAREAAAAAAeAAgQAQAAAGUAAABISVNJRUdGUklFRCxJRllPVVVTRUFOT04tSlNTRUtF
WVNUT1JFLFlPVU1VU1RIQVZFS0VZU1RPUkUtU1BFQ0lGSUNDT0RFVEhBVEFMTE9XU1lPVVRPQUND
RVNTSVRBTkRFWFRSAAAAADoA

------=_NextPart_000_000A_01C28C90.85D986C0--