[Webtest] Canoo Webtest and SSL Client Authentication

Goeschl Siegfried webtest@lists.canoo.com
Thu, 21 Nov 2002 11:10:12 +0100


Hi Carsten,

after some thought I decided to follow the standard:

+) created a certificate sign request with keytool and sent it to our CA
+) added the certificate of the CA into cacerts
+) imported the answer into a keystore
+) changed the configuration of IIS to use basic authentication over SSL instead of a client cert
+) and got it running ... :-)


Thanks

Siegfried Goeschl

-----Original Message-----
From: webtest-admin@lists.canoo.com
[mailto:webtest-admin@lists.canoo.com]On Behalf Of Carsten Seibert
Sent: Friday, November 15, 2002 10:20 AM
To: webtest@lists.canoo.com
Subject: RE: [Webtest] Canoo Webtest and SSL Client Authentication


Hi Siegfried,

If you use a non-JSSE keystore, you must have keystore-specific code that allows you to access it and extract the X509 client certificate. I was having the same problem with Entrust/IAIK and had to write a custom connection initializer that uses the Entrust-specific code to obtain the certificate. It also sets up the SSL context by itself since we are using IAIK instead of JSSE. This caused some problems with HttpUnit since JSSE is hardwired if the protocol is HTTPS. I had to make a special non-JSSE version of HttpUnit that also handles the response headers in a particular way (different from JSSE).

But after lots of digging into the depths of SSL and learning something about certificates I got it up and running.

Ciao,
Carsten

Carsten Seibert
seiberTEC GmbH Switzerland
mailto:seibert@seibertec.ch  / phone: +41 79 636 4317


> -----Original Message-----
> From: webtest-admin@lists.canoo.com
> [mailto:webtest-admin@lists.canoo.com]On Behalf Of Goeschl Siegfried
> Sent: Monday, 11 November 2002 13:58
> To: webtest@lists.canoo.com
> Cc: EPugh@upstate.com
> Subject: [Webtest] Canoo Webtest and SSL Client Authentication
>
>
> Hi folks,
>
> I'm currently integrating Canoo Webtest into MAVEN
> (http://jakarta.apache.org/turbine/maven/) and have a
> JSSE/Canoo question:
>
> Is it possible to use SSL with client authentication with
> Canoo Webtest ?! As far as I know it is impossible to import
> the client.pfx into a keystore but I think it should be
> possible to use the PFX as keystore. But I get an invalid key
> store format ... any ideas.
>
> If I use only the public key of the client in the client
> keystore I get "HTTP 403 - Access forbidden"
>
>
> Environment
> ===========
>
> +) I set up the trust.keystore with the server certificate
> +) I'm using the latest Canoo Webtest (Build 256)
> +) I'm using the included JSSE jars
> +) I'm running on Windows 2000 Server
>
>
> Stacktrace
> ==========
>
> webtest:test:
>     [echo] Starting Canoo Webtest ...
>     [echo] Processing testSampleGF.xml
>     [java] Buildfile: C:\DEVELOP\MAKLERPLATTFORM\JAVADEV\SampleGF\webtest\testSampleGF.xml
>     [java]
>     [java] testQueryVertrag:
>     [java]  [testSpec] Using Custom ConnectionInitializer: com.canoo.webtest.security.SunJsseClientAuthConnectionInitializer
>     [java]  [testSpec] Ext property: webtest.truststore.file=webtest/certs/trust.keystore
>     [java]  [testSpec] Ext property: webtest.truststore.passphrase=together
>     [java]  [testSpec] Ext property: webtest.keystore.file=webtest/certs/client.pfx
>     [java]  [testSpec] Ext property: webtest.keystore.passphrase=test
>     [java]  [testSpec] Ext property: webtest.keystore.alias=benutzermakler
>     [java]  [testSpec] java.io.IOException: Invalid keystore format
>     [java]  [testSpec]  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:609)
>     [java]  [testSpec]  at java.security.KeyStore.load(KeyStore.java:613)
>     [java]  [testSpec]  at com.canoo.webtest.security.SunJsseClientAuthConnectionInitializer.getKeyManagers(SunJsseClientAuthConnectionInitializer.java:24)
>     [java]  [testSpec]  at com.canoo.webtest.security.SunJsseBaseConnectionInitializer.installTrustAndKeyManager(SunJsseBaseConnectionInitializer.java:82)
>     [java]  [testSpec]  at com.canoo.webtest.security.SunJsseBaseConnectionInitializer.initializeConnection(SunJsseBaseConnectionInitializer.java:38)
>     [java]  [testSpec]  at com.canoo.webtest.steps.Target.invokeCustomInitializerIfNeeded(Target.java:285)
>
>
>
> Thanks in advance
>
> Siegfried Goeschl
> _______________________________________________
> WebTest mailing list
> WebTest@lists.canoo.com
> http://lists.canoo.com/mailman/listinfo/webtest
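
The `Invalid keystore format` in the stack trace above is raised by the JKS loader (`sun.security.provider.JavaKeyStore`) when it is handed the PKCS#12 file `client.pfx`. The following is an added example, not code from WebTest or from the posters: it picks the `KeyStore` type from the file's leading bytes before loading and then builds a client `SSLContext`. The class name, method names and the in-memory sample stores are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper, not part of Canoo WebTest.
public class KeystoreTypeProbe {
    // JKS files start with the magic 0xFEEDFEED, JCEKS with 0xCECECECE;
    // a PKCS#12 (.pfx/.p12) file is DER and starts with a SEQUENCE tag (0x30).
    static String detectType(byte[] data) {
        if (data.length < 4) throw new IllegalArgumentException("too short for a keystore");
        int magic = ByteBuffer.wrap(data, 0, 4).getInt();
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if (data[0] == 0x30) return "PKCS12";
        throw new IllegalArgumentException("unrecognised keystore format");
    }

    // Load the store with the detected type and build a client-side SSLContext.
    static SSLContext clientContext(byte[] data, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(detectType(data));
        ks.load(new ByteArrayInputStream(data), pass);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers
        return ctx;
    }

    // Constructed sample input: an empty store of the given type, serialised in memory.
    static byte[] emptyStore(String type, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pass);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit-sample".toCharArray(); // constructed passphrase
        for (String type : new String[] {"JKS", "PKCS12"}) {
            byte[] bytes = emptyStore(type, pass);
            System.out.println(type + " store detected as " + detectType(bytes));
            clientContext(bytes, pass); // loads with the matching provider
        }
    }
}
```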