Make wiremock accept any certificate #396

Closed
debraj-manna opened this issue May 1, 2016 · 11 comments

@debraj-manna

debraj-manna commented May 1, 2016

Hi,

I have defined an HTTPS stub in WireMock as follows:

import static com.github.tomakehurst.wiremock.client.WireMock.*;

import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.ResponseDefinitionBuilder;

public class HttpsMockMain {
    public static void main(String[] args) {
        // HTTP on port 56789, HTTPS on port 8443
        WireMockServer mockServer = new WireMockServer(56789, 8443);
        addStub(mockServer);
        mockServer.start();
    }

    // Registers a stub that answers POST /oms-api/ with a fixed JSON body
    private static void addStub(WireMockServer mockServer) {
        ResponseDefinitionBuilder responseBuilder = aResponse().withStatus(200).withBody(
        "{\"message\":null,\"httpStatus\":0,\"status\":{\"httpStatusCode\":200,\"success\":true,\"errors\":[]},\"_metaData\":{\"urlParams\":{}},\"debugData\":null,\"data\":[\"01125851014\",\"01125851014\",\"debraj.manna@jabong.com\",\"03325853088\",\"03325853088\",\"debraj.manna@rediffmail.com\"],\"httpStatusToBeReturned\":200}");
        mockServer.stubFor(post(urlPathEqualTo("/oms-api/")).willReturn(responseBuilder));
    }
}

Whenever I send a POST request to https://localhost:8443/oms-api/ I get the exception below:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is it possible to tell WireMock to accept any certificate? I am on WireMock 1.58 and Java 1.8.

@tomakehurst
Member

Can you post the full stack trace? I can't understand why you'd even need a cert in this instance.

@debraj-manna
Author

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at org.apache.camel.component.http4.HttpProducer.executeMethod(HttpProducer.java:278)
    at org.apache.camel.component.http4.HttpProducer.process(HttpProducer.java:164)
    at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:109)
    at org.apache.camel.processor.UnitOfWorkProducer.process(UnitOfWorkProducer.java:68)
    at org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:412)
    at org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:380)
    at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:270)
    at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:380)
    at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:238)
    at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:128)
    at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:115)
    at org.apache.camel.impl.DefaultProducerTemplate.request(DefaultProducerTemplate.java:297)
    at com.jabong.orchestratorservice.basecomponent.http.BaseCamelHTTPComponent.makeHttpRequest(BaseCamelHTTPComponent.java:116)
    at com.jabong.orchestratorservice.basecomponent.http.BaseCamelHTTPComponent.call(BaseCamelHTTPComponent.java:87)
    at com.jabong.orchestratorservice.basecomponent.node.HttpWFNode.executeRequest(HttpWFNode.java:131)
    at com.jabong.orchestratorservice.basecomponent.node.HttpWFNode.executeWithRetry(HttpWFNode.java:119)
    at com.jabong.orchestratorservice.basecomponent.node.HttpWFNode.executeWithRetry(HttpWFNode.java:49)
    at com.jabong.orchestratorservice.basecomponent.node.HttpWFNode.execute(HttpWFNode.java:43)
    at com.jabong.orchestratorservice.adapter.order.executor.UpdateOrderInSCExecutor.execute(UpdateOrderInSCExecutor.java:46)
    at com.jabong.orchestratorservice.adapter.order.OrderHelper.updateOrderInfo(OrderHelper.java:65)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:408)
    at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:279)
    at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:252)
    at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:177)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:109)
    at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:68)
    at org.apache.camel.component.bean.BeanProducer.process(BeanProducer.java:38)
    at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:141)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:460)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.processor.DelayProcessorSupport.process(DelayProcessorSupport.java:160)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:460)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:62)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:109)
    at org.apache.camel.processor.UnitOfWorkProducer.process(UnitOfWorkProducer.java:68)
    at org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:412)
    at org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:380)
    at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:270)
    at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:380)
    at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:238)
    at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:128)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:132)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:149)
    at org.apache.camel.impl.DefaultProducerTemplate.requestBody(DefaultProducerTemplate.java:301)
    at org.apache.camel.impl.DefaultProducerTemplate.requestBody(DefaultProducerTemplate.java:331)
    at com.jabong.orchestratorservice.basecomponent.processor.AbstractProcessor.makeRequest(AbstractProcessor.java:47)
    at com.jabong.orchestratorservice.basecomponent.processor.JSONRPCProcessor.processRequest(JSONRPCProcessor.java:165)
    at com.jabong.orchestratorservice.basecomponent.processor.JSONRPCProcessor.processRequestAndSendResponse(JSONRPCProcessor.java:130)
    at com.jabong.orchestratorservice.basecomponent.processor.JSONRPCProcessor.process(JSONRPCProcessor.java:71)
    at org.apache.camel.processor.DelegateSyncProcessor.process(DelegateSyncProcessor.java:63)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:460)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)
    at org.apache.camel.component.jetty.CamelContinuationServlet.service(CamelContinuationServlet.java:170)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 100 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 106 more

@tomakehurst
Member

Ah, so this is coming from your calling code.

Unfortunately, this isn't an issue with WireMock, it's your client code rejecting WireMock's self-signed certificate (which it will rightly do, unless you've explicitly configured it otherwise). You have a couple of options here:

  1. Configure your code (in your test setup) to trust the certificate in the keystore file in the root of the WireMock JAR.
  2. Create your own keystore + certificate which is trusted by your HTTP client and tell WireMock to use that (you'll need to use the wireMockConfig() style of constructor for WireMockServer)

@debraj-manna
Author

Thanks Tom.

I have a query which is not related to WireMock. Is there a way I can know which keystore + certificate is trusted by my HttpClient? I have not set up any keystore + certificate in my HttpClient code.

@tomakehurst
Member

By default your HTTP client will use the JVM's trust store, and therefore trust certs signed by the root certificate authorities (much like your web browser).

To override this behaviour, you need to configure your HTTP client with an SSLContext (this is one way of doing it at least). I've found a few good stackoverflow posts about this, so I'd suggest starting there.

@debraj-manna
Author

Thanks again Tom.

@nareshk-gs

nareshk-gs commented Nov 21, 2017

Hi Tom,

I am looking to override the cert with my application keystore in stand alone.

java -jar wiremock-standalone-*.jar --https-port 8443 --https-require-client-cert --https-keystore keystore --https-truststore keystore --verbose

I have the WireMock jar and my keystore file in the same directory. It seems I am missing something here, but I am unable to make out what's going wrong. Below is what I see when I execute the above.

2017-11-22 11:46:32.326 Verbose logging enabled
Exception in thread "main" java.lang.NullPointerException
    at com.github.tomakehurst.wiremock.common.KeyStoreSettings.loadStore(KeyStoreSettings.java:49)
    at com.github.tomakehurst.wiremock.http.HttpClientFactory.buildSSLContextWithTrustStore(HttpClientFactory.java:81)
    at com.github.tomakehurst.wiremock.http.HttpClientFactory.createClient(HttpClientFactory.java:71)
    at com.github.tomakehurst.wiremock.http.ProxyResponseRenderer.<init>(ProxyResponseRenderer.java:55)
    at com.github.tomakehurst.wiremock.core.WireMockApp.buildStubRequestHandler(WireMockApp.java:126)
    at com.github.tomakehurst.wiremock.WireMockServer.<init>(WireMockServer.java:72)
    at com.github.tomakehurst.wiremock.standalone.WireMockServerRunner.run(WireMockServerRunner.java:65)
    at com.github.tomakehurst.wiremock.standalone.WireMockServerRunner.main(WireMockServerRunner.java:113)

Can you help me with what is missing...?
Thanks in advance :)

@benzaremean

@nareshk-gs did you manage to get a resolution for this?

@afilina

afilina commented Jul 23, 2019

@tomakehurst Can you please elaborate on this? There's wiremock in my project and I have no idea how to do what you're asking: "Configure your code (in your test setup) to trust the certificate in the keystore file in the root of the WireMock JAR."

@tomakehurst
Member

@afilina it depends which HTTP client you're using, but you can do it with the Apache client like this:
https://github.com/tomakehurst/wiremock/blob/master/src/test/java/com/github/tomakehurst/wiremock/HttpsAcceptanceTest.java#L301
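
Added example, not part of the thread and not WireMock project code: it illustrates the replies above about the JVM default trust store and about giving the test client its own SSLContext, using only JDK classes so that the trust decision is limited to one keystore instead of accepting any certificate. The class name `MockTrustExample` and the three command-line arguments (keystore path, keystore password, URL of the mock) are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; class name and command-line arguments are assumptions.
public class MockTrustExample {
    // Trust managers backed by `store`. A null store selects the JVM default:
    // the javax.net.ssl.trustStore property if set, else jssecacerts or
    // cacerts under the JRE's lib/security directory.
    static TrustManager[] trustManagers(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return tmf.getTrustManagers();
    }

    // Number of certificates a client using `store` would accept as issuers.
    static int countTrustAnchors(KeyStore store) throws Exception {
        int n = 0;
        for (TrustManager tm : trustManagers(store)) {
            if (tm instanceof X509TrustManager) {
                n += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return n;
    }

    // SSLContext that trusts only the certificates in the given keystore file.
    static SSLContext contextTrusting(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(store), null); // no client key, default RNG
        return ctx;
    }

    // Usage: java MockTrustExample <keystore> <password> <https URL of the mock>
    public static void main(String[] args) throws Exception {
        System.out.println("JVM default trust anchors: " + countTrustAnchors(null));
        SSLContext ctx = contextTrusting(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Scoped to this one connection; the JVM-wide default is left untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```

With Apache HttpClient 4.3 or later the same context can be passed as `HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(ctx))`. Hostname verification stays enabled in both clients, so the certificate in the keystore must name the host used in the URL.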

@paulpladziewicz

Hitting the endpoint in the browser (https://localhost:8443/, for example), and clicking proceed when the unsafe message shows worked for me (can also type, thisisunsafe).
