I have to make https calls to an api that appears to not have validated SSL certificate. I would still like to make calls to the api using the Http().singleRequest method of akka-http.
When I make a call, I however get the following error:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
When I make a call with curl, I get
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it.
The calls with curl however work if I had the flag --insecure.
In akka-http, I tried the following:
val badSslConfig = AkkaSSLConfig().mapSettings(
s => s.withLoose(
s.loose
.withAcceptAnyCertificate(true)
.withAllowLegacyHelloMessages(Some(true))
.withAllowUnsafeRenegotiation(Some(true))
.withAllowWeakCiphers(true)
.withAllowWeakProtocols(true)
.withDisableHostnameVerification(true)
.withDisableSNI(true)
)
)
val badCtx = Http().createClientHttpsContext(badSslConfig)
Http()
.singleRequest(
HttpRequest(
HttpMethods.POST,
uri = Uri("https://..."),
protocol = HttpProtocols.`HTTP/1.1`
),
connectionContext = badCtx
)
but I still get the same error.
What should I do to fix the issue?
PS: I understand (given the many warnings in akka-http docs) that it is something that I shouldn't do in production but I'd like this workaround to work for now...
I had similar problem some time ago and as far as I remember it had to do with this issue. Workaround for that problem is to have own implementation of SSLContext that will accept just anything. Implementation is pretty straightforward and the example can be found in the last comment of of issue linked above.
Related
when I use https in play framework it shows like this
WARN akka.actor.ActorSystemImpl akka.actor.ActorSystemImpl(play-dev-mode) Illegal request, responding with status '400 Bad Request': Unsupported HTTP method: The HTTP method started with 0x16 rather than any known HTTP method from 127.0.0.1:45436. Perhaps this was an HTTPS request sent to an HTTP endpoint?
if anyone know how to use HTTPS in play framework,please explain the steps properly.
i can't clearly understad the documentation
instead of "sbt run" we need to use "sbt run -Dhttps.port=9443 -Dhttp.port=disabled"
and it runs in port number :9443
I am new to Scala. I am trying to access REST API URl and trying to get json data from there using Scalaj-Http with Spark framework in local vm(Intellij). But with the following Code I am always getting Http error code 401 from code and the server log is responding with "new ssl session,TLS V1.2 No Client Cert.
The jks file that I am using seems ok with proper SSL Handshake and its installed on server side.
val url = "https://abcdef:1234/api/v1/get?q=abc"
val alias ="xxxxxx-1234 yyyyy"
val sslFactory = SSLFactory.builder()
.withIdentityMaterial("abc.jks","pass".tocharArray)
.withTrustMaterial("abc.jks","pass".tocharArray)
.withClientIdentityRoute(alias,url)
.build()
val optn = HttpOptions.sslSocketFactory(sslfactory.getSslSocketfactory)
val res = Http(url) //Here getting 401 res.code
.option(optn)
.option(HttpOptions.allowUnsafeURL)
.asString
Tried everything but unable to solve. Kindly help please
I got the code working as I have to discard this option option(HttpOptions.allowUnsafe
URL)
Thanks
I am trying to get access token from https://login.microsoftonline.com/{tenentname}/oauth2/v2.0/token endpoints though HttpClient post request. Applied required 4 parameters/headers with the same.
But I am getting connection timed out. Connection will be retried using another IP address (after trying with 7 different IP address) getting Shutdown connection error. Connection discarded.
Please find below code snippet.
HttpClientConnectionManager poolingConnManager = new PoolingHttpClientConnectionManager();
HttpPost post = new HttpPost("https://login.microsoftonline.com/{tenentname}/oauth2/v2.0/token");
List<NameValuePair> urlParameters = new ArrayList<>();
urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
urlParameters.add(new BasicNameValuePair("client_id", {id_value}));
urlParameters.add(new BasicNameValuePair("client_secret", {secret_value}));
urlParameters.add(new BasicNameValuePair("scope", "https://graph.microsoft.com/.default"));
post.setEntity(new UrlEncodedFormEntity(urlParameters));
post.setHeader("Content-type", "application/x-www-form-urlencoded");
ClosableHttpClinet httpClient = HttpClients.custom().setConnectionManager(poolingConnManager).build();
ClosableHttpResponse response = httpClinet.execute(post);
System.out.println(EntityUtils.toString(response.getEntity()));
Same its worked with Postman without any proxy setting, I am getting proper response in Postman.
Please assist on the same.
Instead of using HTTPClient, i tried with Microsoft Graph Client (you can download from NuGet) and it worked for me. So i would suggest you to follow the steps.
Install the SDK
Configure the GraphClient
Make the call.
Also with specific to ivy dependency, here's the related thread.
I have Spring service hosted on Jetty and I want to test that it doesn't allow users to connect with invalid certificates.
scenario("Authenticate using expired client certificate")
.exec(session => session.setAll(
Map("gatling.http.ssl.keyStore.file" -> "expiredCertificateKeystore.jks",
"gatling.http.ssl.trustStore.file" -> "truststore.jks"))
.exec(
http("GET / request")
.get("/")
.check(/*that IOException is thrown*/)
)
Since Jetty cuts connection because of expected java.security.cert.CertificateExpiredException while connecting with invalid certificate, Gatling's HTTP client doesn't receive any return code from server and throws java.io.IOException: Remotely closed
Is there any way to tell Gatling that this error is expected and this behavior should be considered as success? I could not find any documentation about such feature.
No, it's not possible to recover IO exceptions.
What you're doing is a functional test, not a load test one, which is fine, but we didn't consider this use case.
I have a working spring-mvc application with rest services and some rest-assured tests which are fine :
#Test
public void createFoobarFromScratchReturns201(){
expect().statusCode(201).given()
.queryParam("foo", generateFoo())
.queryParam("bar", generateBar())
.when().post("/foo/bar/");
}
=> OK
Then I implemented a digest authentication. Everything is working well, now I have to log in to use my services :
curl http://localhost:8089/foo/bar
=> HTTP ERROR 401, Full authentication is required to access this resource
curl http://localhost:8089/foo/bar --digest -u user_test:password
=> HTTP 201, CREATED
But when I try to upgrade my tests with the most obvious function, I still have a 401 error :
#Test
public void createFoobarFromScratchReturns201(){
expect().statusCode(201).given()
.auth().digest("user_test", "password") // Digest added here
.queryParam("foo", generateFoo())
.queryParam("bar", generateBar())
.when().post("/foo/bar/");
}
=> Expected status code <201> doesn't match actual status code <401>
I found some clues with the preemptive() function, but it seems to be only implemented for basic :
// Returns an AuthenticatedScheme and stores it into the general configuration
RestAssured.authentication = preemptive().basic("user_test", "password");
// Try a similar thing, but it didn't work :
RestAssured.authentication = RestAssured.digest("user_test", "password");
Currently, I am trying to achieve two things :
I need to upgrade a couple of my tests to support digest
I need to amend the #Before of the rest of my tests suites (whose are not related to auth issues), to be already logged in.
Any ideas or documentation ?
Try enabling support for cookies in the HTTP client embedded inside Rest Assured with:
RestAssuredConfig config = new RestAssuredConfig().httpClient(new HttpClientConfig().setParam(ClientPNames.COOKIE_POLICY, CookiePolicy.BEST_MATCH));
expect().statusCode(201).given()
.auth().digest("user_test", "password") // Digest added here
.config(config)
.queryParam("foo", generateFoo())
.queryParam("bar", generateBar())
.when().post("/foo/bar/");
The HTTP client (and therefore Rest Assured) supports digest authentication and the configuration of RestAssured using the digest method works well.