Wojciech Musiał Wojciech Musiał - 3 months ago 26
Java Question

Betamax fails to record HTTPS traffic

My question is connected with Betamax library. I have problem with recording HTTPS traffic. I am using Betamax 1.1.2, JDK 1.6, Groovy 2.2.2 and jUnit 4.11.

My test code:

@Rule
public Recorder recorder = new Recorder();

@Before
public void setup() {
recorder.setSslSupport(true);
}


@Betamax(tape = "my_tape")
@Test
public void test1() throws Exception {

MyConnector connector = new Connector();

String response = connector.getResponse();

assertThat(response, is("response"));
}


Response that I get is:

2014-04-01 08:34:16 DEBUG log:70 - REQUEST *:443 on org.eclipse.jetty.server.nio.SelectChannelConnector$2@10eaa67
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - CONNECT request for webserivce:443
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:5556 remote=/127.0.0.1:51033]
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - Upgraded connection to ClientToProxy(:5555<=>:51032)
2014-04-01 08:34:16 DEBUG log:70 - RESPONSE webservice:443 101
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): begin reading from client
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): registered channel java.nio.channels.SocketChannel[connected local=/127.0.0.1:51033 remote=/127.0.0.1:5556] with
ection ProxyToServer(:51033<=>:5556)
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): end reading from client
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): begin reading from server
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): end reading from server
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): begin reading from client
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): read from client 216 bytes SCEP@9449047java.nio.channels.SocketChannel[connected local=/10.7.44.33:5555 remote=/
44.33:51032][d=true,io=1,w=true,rb=false,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - Written 216/216 bytes SCEP@21460451java.nio.channels.SocketChannel[connected local=/127.0.0.1:51033 remote=/127.0.0.1:5556][d=false,io=1,w=true
alse,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): written to ProxyToServer(:51033<=>:5556) 216 bytes
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): end reading from client
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 216
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK
bytesConsumed = 216 bytesProduced = 0
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 854
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 854/854
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): begin reading from server
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): read from server 854 bytes SCEP@21460451java.nio.channels.SocketChannel[connected local=/127.0.0.1:51033 remote=
0.0.1:5556][d=true,io=1,w=true,rb=false,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - Written 854/854 bytes SCEP@9449047java.nio.channels.SocketChannel[connected local=/10.7.44.33:5555 remote=/10.7.44.33:51032][d=false,io=1,w=tru
false,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): written to ClientToProxy(:5555<=>:51032) 854 bytes
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ProxyToServer(:51033<=>:5556): end reading from server
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): begin reading from client
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): read from client 7 bytes SCEP@9449047java.nio.channels.SocketChannel[connected local=/10.7.44.33:5555 remote=/10
.33:51032][d=true,io=1,w=true,rb=false,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - Written 7/7 bytes SCEP@21460451java.nio.channels.SocketChannel[connected local=/127.0.0.1:51033 remote=/127.0.0.1:5556][d=false,io=1,w=true,rb=
,wb=false]
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): written to ProxyToServer(:51033<=>:5556) 7 bytes
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): client closed connection SCEP@9449047java.nio.channels.SocketChannel[closed][d=true,io=1,w=true,rb=false,wb=fals
2014-04-01 08:34:16 WARN log:40 - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2014-04-01 08:34:16 DEBUG CustomConnectHandler:70 - ClientToProxy(:5555<=>:51032): end reading from client
2014-04-01 08:34:16 DEBUG log:80 - EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:708)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:323)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:292)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:526)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:41)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)
at java.lang.Thread.run(Thread.java:744)
2014-04-01 08:34:16 DEBUG log:80 - EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:708)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:323)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:292)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:526)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:41)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)
at java.lang.Thread.run(Thread.java:744)
2014-04-01 08:34:16 WARN PhaseInterceptorChain:384 - Interceptor for {***e#{** has thrown exception, unwindin

org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
at com.sun.proxy.$Proxy91.sprawdzPrzesylke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.internal.runners.statements.RunAfters$evaluate.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:112)
at co.freeside.betamax.Recorder$_1_evaluate_closure1.doCall(Recorder.groovy:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:272)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:66)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:141)
at co.freeside.betamax.Recorder$_1_evaluate_closure1.doCall(Recorder.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:272)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:39)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:112)
at co.freeside.betamax.Recorder.withTape(Recorder.groovy:168)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnCurrentN(ScriptBytecodeAdapter.java:78)
at co.freeside.betamax.Recorder.this$dist$invoke$2(Recorder.groovy)
at co.freeside.betamax.Recorder$1.methodMissing(Recorder.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaClassImpl.invokeMissingMethod(MetaClassImpl.java:837)
at groovy.lang.MetaClassImpl.invokePropertyOrMissing(MetaClassImpl.java:1134)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1087)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:66)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)
at co.freeside.betamax.Recorder$1.evaluate(Recorder.groovy:185)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at org.junit.internal.runners.statements.FailOnTimeout$StatementThread.run(FailOnTimeout.java:74)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://webservice/: sun.security.validator.Valida
ception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1431)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1416)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
... 77 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find va
ertification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1368)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1310)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1388)
... 80 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested t

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 96 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 102 more
2014-04-01 08:34:16 DEBUG log:70 - EOF
org.eclipse.jetty.io.EofException
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:321)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:526)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:41)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)
at java.lang.Thread.run(Thread.java:744)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:708)
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:323)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:292)
... 6 more
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] closing NEED_WRAP
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] close wrap Status = CLOSED HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 7
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 7/7
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] closing NEED_UNWRAP
2014-04-01 08:34:16 DEBUG ssl:70 - [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1


According to Betamax documentation, I try to use Betamax proxy to intercept my connection. In docs they said that it's enough to set ssl property, but I am getting ssl certificates issues all the time. I would expect Betamax to record the tape with HTTPS traffic. In case of ordinary HTTP traffic everything works just fine. I also tried to manually add certificate of webservice that I try to connect to cacerts in JAVA_HOME, betamax.keystore or tried to create my own trust store but everything failed. I run this test from inside IntelliJ and with mvn test, but the result is the same.

Is there anyone who managed to create working HTTPS example?

Answer

You need to understand that HTTPS is meant to be secure. So it's been hardened against just the tampering which you try to do (the technical term is "man in the middle attack").

The first thing which you need to set up a working HTTPS proxy is a valid CA-signed certificate, otherwise Java (or rather the SSL used in Java) will complain.

A self-signed certificate is often enough for unit tests since you can configure Java to accept this certificate as valid.

Also the Java VM option -Djavax.net.debug=ssl will dump a lot of information in your lap what is going on. Check that output to see whether Java did actually load your trust store, whether it accepts the keys inside and the like.