0

I can't get HTTPS URL's working with betamax.

It's similar to this other issue posted below, however I've already done the betamax.pem file import and it seems to have had no effect:

Here's the import command I ran:

c:\Users\UserAccount>"%JAVA_HOME%/bin/keytool.exe" -importcert -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file betamax.pem -alias betamax -storepass changeit -noprompt

Here is my config: 

    static final File TAPES =
    new File(System.getProperty('BETAMAX_TAPEDIR') ?:
        'src/integrationTest/resources/betamax/tapes')

    static final TapeMode TAPEMODE =
    System.getProperty('BETAMAX_MAKETAPES') ?
        TapeMode.READ_WRITE :
        TapeMode.READ_ONLY

    static final Integer PROXYPORT =
    System.getProperty('BETAMAX_PROXYPORT') ?
        System.getProperty('BETAMAX_PROXYPORT').toInteger() :
        Configuration.DEFAULT_PROXY_PORT

    @Shared
    Configuration configuration =  Configuration.builder()
            .tapeRoot(TAPES)
            .ignoreLocalhost(false)
            .defaultMode(TAPEMODE)
            .proxyPort(PROXYPORT)
            .sslEnabled(true)
            .build()

    @Rule
    RecorderRule recorder = new RecorderRule(configuration)

    @Betamax(tape='GradleNews.tape')
    def "Try record HTTPS"()
    {
      when:
      def http = new RESTClient('https://discuss.gradle.org')
      http.head path: 'c/books-articles'

      then:
      true
    }

Which produces: 

javax.net.ssl.SSLException: hostname in certificate didn't match: <discuss.gradle.org> != <*.discourse.org> OR <*.discourse.org> OR <discourse.org>

Can anyone see what I'm doing wrong?

Here's a report of a similar issue: Betamax fails to record HTTPS traffic

Community
  • 1
  • 1
solvingJ
  • 1,321
  • 1
  • 19
  • 30
  • What version are you using? – Sean Freitag Sep 05 '16 at 13:39
  • Side note: I really like the `System.getProperty('BETAMAX_MAKETAPES')`. It's cute and effective :) – Sean Freitag Sep 05 '16 at 13:48
  • This appears to be a bug in Betamax. When I do a download of https://discuss.gradle.org, it appears to save to a tape correctly. However, seeing an exception when trying to resolve a certificate for `discourse.org` indicates to me that the RESTClient is seeking a `discourse.org` in a way that we're not appropriately installing a MITM on. What RESTClient are you using? – Sean Freitag Sep 05 '16 at 13:55
  • Credit to ysb33r for the use of system props. Currently using HTTPBuilder restclient, but ultimately want to use okhttp client. – solvingJ Sep 05 '16 at 14:43

1 Answers1

0

In summary, the answer to this is that HTTPBuilder does not respect the automatic redirect to proxy implemented by Betamax. This is documented on the betamax.software documentation, which I seem to have misunderstood. To work with HTTPBuilder (or it's RESTClient derivative), just set the proxy host/port on the httpclient manually to 127.0.0.1/5555 respectively. When using an HTTP client which respects the JVM proxy setting, it seems to work seamlessly.

It's also worth noting that the error message was very misleading. When using RESTClient, it seems to point to an issue in the certificate, which made me spend a day trying to figure out why it's not seeing the betamax certificate in the certificate store. However, there was no issue with the certificate, it was fixed purely by setting the proxy manually.

solvingJ
  • 1,321
  • 1
  • 19
  • 30