Set SSL Keystore using Groovy on Test Step level
On the Project Level i have setup the Keystore. Now i want to be able to Select this on Test Step Level using Groovy. In the Step : Select SSL on Test Step i wrote a groovy to do the same but it is failing. import com.eviware.soapui.impl.rest.RestMethod import com.eviware.soapui.impl.rest.RestRequestInterface.HttpMethod import com.eviware.soapui.impl.rest.RestResource import com.eviware.soapui.impl.wsdl.support.wss.WssCrypto import com.eviware.soapui.impl.wsdl.teststeps.RestTestRequestStep import com.eviware.soapui.impl.wsdl.support.wss.crypto.CryptoType def step = testRunner.testCase.testSteps['GET - TEST'].testRequest log.info step.getSslKeystore() // This step works fine and reads the Keystore Selected on the Test Step (if any) step.setSslKeystore( 'keystore.jks') // This step does not work and gives error message Error : groovy.lang.MissingMethodException: No signature of method: com.eviware.soapui.impl.wsdl.teststeps.RestTestRequest.setSslKeystore() is applicable for argument types: (java.lang.String) values: [keystore.jks] Possible solutions: setSslKeystore(com.eviware.soapui.impl.wsdl.support.wss.WssCrypto), getSslKeystore() error at line: 13 Please note that my tests require for me to be able to select & deselect the SSL Keystore for a test step dynamically (through groovy) based on the environment i am running my tests on .. (for ex : QA , UAT etc)
SSL Certificate verification missing
Hi Community, I've been trying to get SoapUI 5.5. (OpenSource) to verify and reject my self-signed ssl server certificate for security reasons (self-signed, not trusted), just like other clients do. Where can I switch the behavior between test and live environment? I need the verification enabled. In my case soapui just accepts the connection and does not even notify about any security issues. I have searched the database but didn't find much information. Thanks in advance.
SoapUI WCF using SSL certificate
After looking around the forums and the internet in general, I was unable to find anything that answered my problem, so I have resorted to placing my question here. Firstly, sorry if this has already had a answer supplied. My problem is this. I have an existing C# WCF service hosting in IIS and secured by an SSL. This is working code and is currently in our Live, UAT, Test and Development environments. I have been asked to use SoapUI for testing firstly on existing services and any new services that we are about to build. So far, I have created the project by supplying the WDSL, setup the keystore with the SSL cert, created an outgoing and incoming WS-Sec config. When in the request, I have created a basic authorization using the defined outgoing and incoming configs created above. After clicking on the submit button, I get the following response. <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"> <s:Header> <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action> </s:Header> <s:Body> <s:Fault> <s:Code> <s:Value>s:Sender</s:Value> <s:Subcode> <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value> </s:Subcode> </s:Code> <s:Reason> <s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text> </s:Reason> </s:Fault> </s:Body> </s:Envelope> I did see an article that inferred that I should switchthe 'Enable WS_A addressing' switch off. I did this, but this just caused the submit request to timeout. I have checked that the service is running by viewing the WSDL from the IIS server and also using the application to call the service and all is OK. I am sure that I missed a simple step, so would be grateful for any help. Thanks Paul. P.S. I have just tried what is described in the following link and it still does not work: Update vmoptions file Came across this article: Message Security Sam's comments about: <serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true"/> Worked great. On looking at the Application Evnt Log the following message was recorded: The description for Event ID 4 from source ServiceModel Audit 4.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: http://localhost:57978/WCFService.svc http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence <null> MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security. The locale specific resource for the desired message is not present Which leads me back to the fact that I have missed comething. Ay ideas?
How do I enable SSL in TestComplete
I am trying to enable SSL in TestComplete but I am stuck. Note: We are not using ReadyAPI nor are we using SOAPUI for generating our tests. Although I do have both working with SSL enabled. The direction of our development is through TestComplete and we are not using the ReadyAPI or Webservices module within TC. I am able to set up the aqHTTP authentication on each service but I am stuck and how to use and get access to the local Certificate. Suggestions or comments?
Validate Server SSL Certificate Against Soap-UI TrustStore
Dear All, I am trying to create a Soap-UI test which does a call against a server with a verified certificate by the CA (Certificate Authority) of my client. We want to validate this against a truststore in soap-ui to validate if the server certificate is indeed the correct, signed certificate we expect. My problem is that my test always succeeds, I actually want my test to succeed when the server presents a signed certificate, but I want the test to fail if the server presents a self-signed certificate. I have tried this with both SoapUI-5.5.0 as well as ReadyAPI 2.8. I have tried starting SoapUI withSSLv3 and TLS in the vmoptions configuration file. I have ofcourse imported the truststore in SoapUI in "Show Project View" menu, and I have done step 4. from the documentation on page: https://www.soapui.org/soapui-projects/ws-security.html Which I expect links my truststore to the project. I have not changed anything in SSL in the Preferences. On the latter page we also notice that in step 1.9 in the Authentication menu the "Incoming WSS:" selection box can be found in the documentation, but it is not there in our application (Both the SoapUI and ReadyAPI). This menu is also not present after uploading the truststore and finishing step 4.
SOAP/HTTPS -SSL Issue - Extension unknown: DER encoded OCTET
SOAPUI 5.2.1 (Open Source) on Windows 7 Enterprise Hi, We have a SOAP based web service runningon HTTPSon a remote server with the SSL Key signed by the internal CA. I downloaded the WSDL using the IE Browser over HTTPS and saved it into a file. Created new SOAPUI project using the WSDL file created in previous step with sample request messages created automatically. I installed client certificate as .PFX file in a local directory and updated global SSL Settings (File --> Preferences--> SSL Settings) pointing to the client.pfx file with password, also checked 'client authentication' box. Also edited SOAPUI-5.2.1.vmoptions with following parameter: -Dsun.security.ssl.allowUnsafeRenegotiation=true and edited soapui.bat with JAVA_OPTS with: -Dsoapui.https.protocols=TLSv1.2,TLSv1, SSLv3 -Dsoapui.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA When I invoke the web service I get HTTP/1.1 200 OK in response header but I do not see anything in the response window which remains blank. There is also nothing in the 'error log'. when I look into the 'SSL info(1 certs)' and inspect it I can see certificate details with one interesting entrywhich says: [2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false Extension unknown: DER encoded OCTET String = There are total 8 Certificate Extensions in the SSL Info (1 certs)tab. Need help resolve this error as we cannot make any progress. Really appreciate your help! Many Thanks! Salman
javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate
I am receiving the error:javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate. Background information: ReadyAPI is configured for SSL using Certificate Store with "Use Windows Certificate Store" and Client authentication with "Requires client authentication". Windows certificate store contains 4 valid certificates from a single smart card. All 4 certificates are from the same issuer. Each certificate has a set of "Intended Purpose". Examples: Cert1 - PIV Authentication Cert2 - Time Stamping, Server Auth, Client Auth, Secure Email Cert3 - Secure Email Cert4 - Client Authentication The target webserver is prompting the client for a certificate from a list of authorities. All 4 certificates are valid based on the server requirements. Problem: ReadyAPI is correctly pulling all 4 client certificates from the Windows store. It properly matches them up to only get the ones that meet the requirements of the server. However, not all certificates have the proper intended purpose. The problem is that 4 certificates meet the server requirements and the client is not allowing the user to choose the certificate or match the certificate with the right "intended purpose". In addition, the client does not retry the other 3 certificates. As a result, the client is sending Cert3 (Secure Email) instead of sending Cert1. Is there a way to force the client to choose the right certificate? Or is there a java option that will statically assign the certificate? Here is a snippet from the client log with logging at a high level. javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.494 CDT|CertificateRequest.java:653|Consuming CertificateRequest handshake message ( "CertificateRequest": { "certificate types": [rsa_sign, dss_sign, ecdsa_sign] "supported signature algorithms": [rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1] "certificate authorities": [OU=ABC123, O=XYZ, C=XX, ...] } ) javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.498 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert2 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert4 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert3 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|SunX509KeyManagerImpl.java:401|matching alias: Cert1 javax.net.ssl|DEBUG|05 C0|Thread-84|2020-10-28 14:45:38.499 CDT|ServerHelloDone.java:142|Consuming ServerHelloDone handshake message ( ... .... ... javax.net.ssl|ERROR|05 C0|Thread-84|2020-10-28 14:45:43.899 CDT|TransportContext.java:312|Fatal (UNSUPPORTED_CERTIFCATE): Received fatal alert: unsupported_certificate ( "throwable" : { javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
