Set SSL Keystore using Groovy on Test Step level
On the Project Level i have setup the Keystore. Now i want to be able to Select this on Test Step Level using Groovy. In the Step : Select SSL on Test Step i wrote a groovy to do the same but it is failing. import com.eviware.soapui.impl.rest.RestMethod import com.eviware.soapui.impl.rest.RestRequestInterface.HttpMethod import com.eviware.soapui.impl.rest.RestResource import com.eviware.soapui.impl.wsdl.support.wss.WssCrypto import com.eviware.soapui.impl.wsdl.teststeps.RestTestRequestStep import com.eviware.soapui.impl.wsdl.support.wss.crypto.CryptoType def step = testRunner.testCase.testSteps['GET - TEST'].testRequest log.info step.getSslKeystore() // This step works fine and reads the Keystore Selected on the Test Step (if any) step.setSslKeystore( 'keystore.jks') // This step does not work and gives error message Error : groovy.lang.MissingMethodException: No signature of method: com.eviware.soapui.impl.wsdl.teststeps.RestTestRequest.setSslKeystore() is applicable for argument types: (java.lang.String) values: [keystore.jks] Possible solutions: setSslKeystore(com.eviware.soapui.impl.wsdl.support.wss.WssCrypto), getSslKeystore() error at line: 13 Please note that my tests require for me to be able to select & deselect the SSL Keystore for a test step dynamically (through groovy) based on the environment i am running my tests on .. (for ex : QA , UAT etc)Solved5KViews0likes8CommentsSoapUI WCF using SSL certificate
After looking around the forums and the internet in general, I was unable to find anything that answered my problem, so I have resorted to placing my question here. Firstly, sorry if this has already had a answer supplied. My problem is this. I have an existing C# WCF service hosting in IIS and secured by an SSL. This is working code and is currently in our Live, UAT, Test and Development environments. I have been asked to use SoapUI for testing firstly on existing services and any new services that we are about to build. So far, I have created the project by supplying the WDSL, setup the keystore with the SSL cert, created an outgoing and incoming WS-Sec config. When in the request, I have created a basic authorization using the defined outgoing and incoming configs created above. After clicking on the submit button, I get the following response. <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"> <s:Header> <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action> </s:Header> <s:Body> <s:Fault> <s:Code> <s:Value>s:Sender</s:Value> <s:Subcode> <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value> </s:Subcode> </s:Code> <s:Reason> <s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text> </s:Reason> </s:Fault> </s:Body> </s:Envelope> I did see an article that inferred that I should switchthe 'Enable WS_A addressing' switch off. I did this, but this just caused the submit request to timeout. I have checked that the service is running by viewing the WSDL from the IIS server and also using the application to call the service and all is OK. I am sure that I missed a simple step, so would be grateful for any help. Thanks Paul. P.S. I have just tried what is described in the following link and it still does not work: Update vmoptions file Came across this article: Message Security Sam's comments about: <serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true"/> Worked great. On looking at the Application Evnt Log the following message was recorded: The description for Event ID 4 from source ServiceModel Audit 4.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: http://localhost:57978/WCFService.svc http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence <null> MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security. The locale specific resource for the desired message is not present Which leads me back to the fact that I have missed comething. Ay ideas?3.2KViews0likes2CommentsLack of secure connection for repository
I had asked via twitter awhile back if your URLhttp://smartbearsoftware.com/repository/maven2/ had an equivalent secure address. I was told no. I work at large company that utilizes many of your libraries. We would request that you buy a certificate and setup secure connection for downloads. As a bonus, it would be even better if every download had a file hash that we can compare against after downloading to make sure we received a legit copy. The first part of request wouldn't take much time at all, and will begin a great start at providing secure downloads of all your libraries. Thoughts Smartbear people? Thanks!Solved3.1KViews0likes3Commentsjavax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
I am receiving the error:javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate. Background information: ReadyAPI is configured for SSL using Certificate Store with "Use Windows Certificate Store" and Client authentication with "Requires client authentication". Windows certificate store contains 4 valid certificates from a single smart card. All 4 certificates are from the same issuer. Each certificate has a set of "Intended Purpose". Examples: Cert1 - PIV Authentication Cert2 - Time Stamping, Server Auth, Client Auth, Secure Email Cert3 - Secure Email Cert4 - Client Authentication The target webserver is prompting the client for a certificate from a list of authorities. All 4 certificates are valid based on the server requirements. Problem: ReadyAPI is correctly pulling all 4 client certificates from the Windows store. It properly matches them up to only get the ones that meet the requirements of the server. However, not all certificates have the proper intended purpose. The problem is that 4 certificates meet the server requirements and the client is not allowing the user to choose the certificate or match the certificate with the right "intended purpose". In addition, the client does not retry the other 3 certificates. As a result, the client is sending Cert3 (Secure Email) instead of sending Cert1. Is there a way to force the client to choose the right certificate? Or is there a java option that will statically assign the certificate? Here is a snippet from the client log with logging at a high level. javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.494 CDT|CertificateRequest.java:653|Consuming CertificateRequest handshake message ( "CertificateRequest": { "certificate types": [rsa_sign, dss_sign, ecdsa_sign] "supported signature algorithms": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1] "certificate authorities": [OU=ABC123, O=XYZ, C=XX, ...] } ) javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.498 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert2 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert4 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert3 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert1 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|ServerHelloDone.java:142|Consuming ServerHelloDone handshake message ( ... .... ... javax.net.ssl|ERROR|05 C0|Thread-84|2020-10-28 14:45:43.899 CDT|TransportContext.java:312|Fatal (UNSUPPORTED_CERTIFCATE): Received fatal alert: unsupported_certificate ( "throwable" : { javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)1.3KViews0likes1Comment