Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

withClientCertificateChain() doesn't work? #1792

Open
pavilalopes opened this issue Aug 31, 2023 · 0 comments
Open

withClientCertificateChain() doesn't work? #1792

pavilalopes opened this issue Aug 31, 2023 · 0 comments

Comments

@pavilalopes
Copy link

pavilalopes commented Aug 31, 2023
edited
Loading

Describe the issue
Couldn't figure out how to use the method withClientCertificateChain():

  • When used with verify() it does nothing (verify succeeds even if the condition is not met)
  • When used with when(), the server complains that the expectation request is malformed - example code and error below

MockServer version
5.15.0 (but also tested in latest git version)

To Reproduce
Steps to reproduce the issue:

  1. How you are running MockServer (i.e maven plugin, docker, etc) - In Java via ClientAndServer.startClientAndServer()
  2. Code you used to create expectations 
         mockServer.when(
             request()
                     .withClientCertificateChain(List.of(new X509Certificate().withIssuerDistinguishedName("CN=whatever")))
                     .withMethod("POST")
                     .withPath("/v1/customer/update"), Times.once())
             .respond(response()
                     .withStatusCode(200));
  3. What error you saw 
     java.lang.IllegalArgumentException: incorrect expectation json format for:
   {
     "httpRequest" : {
       "method" : "POST",
       "path" : "/v1/customer/update"
     },
     "id" : "b3100a82-c364-4617-81ea-3e6d6889219c",
     "priority" : 0,
     "timeToLive" : {
       "unlimited" : true
     },
     "times" : {
       "unlimited" : true
     }
   }

  schema validation errors:

   11 errors:
    - $.httpError: is missing, but is required, if specifying action of type Error
    - $.httpForward: is missing, but is required, if specifying action of type Forward
    - $.httpForwardClassCallback: is missing, but is required, if specifying action of type ForwardClassCallback
    - $.httpForwardObjectCallback: is missing, but is required, if specifying action of type ForwardObjectCallback
    - $.httpForwardTemplate: is missing, but is required, if specifying action of type ForwardTemplate
    - $.httpOverrideForwardedRequest: is missing, but is required, if specifying action of type OverrideForwardedRequest
    - $.httpResponse: is missing, but is required, if specifying action of type Response
    - $.httpResponseClassCallback: is missing, but is required, if specifying action of type ResponseClassCallback
    - $.httpResponseObjectCallback: is missing, but is required, if specifying action of type ResponseObjectCallback
    - $.httpResponseTemplate: is missing, but is required, if specifying action of type ResponseTemplate
    - oneOf of the following must be specified [httpError, httpForward, httpForwardClassCallback, httpForwardObjectCallback, httpForwardTemplate, httpOverrideForwardedRequest, httpResponse, httpResponseClassCallback, httpResponseObjectCallback, httpResponseTemplate]
   
   OpenAPI Specification: https://app.swaggerhub.com/apis/jamesdbloom/mock-server-openapi/5.15.x
   Documentation: https://mock-server.com/mock_server/creating_expectations.html

EDIT

Regarding using withClientCertificateChain() with verify(): I just found in the logs that the client includes the certificate chain information in the verify request, so it's the server that is ignoring it (otherwise this verification would have failed because the DN does not match the request):

2023-08-31 20:46:31,709 INFO  [erver-EventLog0] o.mockserver.log.MockServerEventLog  : 22222 verifying requests that match:
  {
    "httpRequest" : {
      "method" : "POST",
      "path" : "/v1/customer/update",
      "headers" : {
        "Content-Type" : [ "application/json(;.+)?" ],
        "Authorization" : [ "Bearer test-api-key-1234567890" ]
      },
      "secure" : true,
      "clientCertificateChain" : [ {
        "issuerDistinguishedName" : "CN=whatever"
      } ]
    },
    "times" : {
      "atLeast" : 1,
      "atMost" : 1
    }
  }

Corresponding request (note the server detected the client certificate correctly):

2023-08-31 20:46:31,597 INFO  [erver-EventLog0] o.mockserver.log.MockServerEventLog  : 22222 received request:

  {
    "method" : "POST",
    "path" : "/v1/customer/update",
    "headers" : {
      "user-agent" : [ "ReactorNetty/1.0.24" ],
      "host" : [ "localhost:22222" ],
      "content-length" : [ "177" ],
      "accept" : [ "*/*" ],
      "Content-Type" : [ "application/json" ],
      "Authorization" : [ "Bearer test-api-key-1234567890" ]
    },
    "keepAlive" : true,
    "secure" : true,
    "clientCertificateChain" : [ {
      "serialNumber" : "705115929530326732747218164685338766837834795324",
      "issuerDistinguishedName" : "CN=Client CA",
      "subjectDistinguishedName" : "CN=test client",
      "signatureAlgorithmName" : "SHA256withRSA"
    } ],
    "protocol" : "HTTP_1_1",
    "localAddress" : "127.0.0.1:22222",
    "remoteAddress" : "127.0.0.1:37244",
    "body" :  // ommited
  }

EDIT 2

Is the server discarding the clientCertificateChain information entirely? Because when we retrieve the above request with mockServer.retrieveRecordedRequests(null, Format.JSON), the clientCertificateChain field is not included in the request information.

At this point I'm out of ideas. There seems to be no way to assert the client certificate information.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pavilalopes